This is a tshark command to output a live packet capture to a Windows txt file:
tshark -i your_interface -V > your_path_to_text_file
This is a tshark command to output the Wireshark GUI column data of the pcap to the txt file:
tshark -n -r path_of_pcap_file > path_of_txt_file
My expected Windows txt output:
1 0.000000 220.127.116.11 -> 192.168.0.1 TCP 54 35165 > 80 [SYN] Seq=0 Win=16384 Len=0
2 0.000001 18.104.22.168 -> 192.168.0.1 TCP 54 14378 > 80 [SYN] Seq=0 Win=16384 Len=0
3 0.000003 22.214.171.124 -> 192.168.0.1 TCP 54 31944 > 80 [SYN] Seq=0 Win=16384 Len=0
First question: How do I know what the interface is to capture the packets live, and how do I address that in a tshark command, as its IP address or its name?
Second question: I would like to capture the packet data live and generate the txt output that I expect above to a txt file, as in "combining the two tshark commands" stated above?
asked 23 Apr '12, 00:30
edited 23 Apr '12, 00:35
You can't specify an interface by IP address. If you run
You combine the two commands by taking the first command, removing
answered 23 Apr '12, 01:03
Guy Harris ♦♦