This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to view, filter, search a raw capture running on RedHat Linux / Command line analysis like usage of GUI

0

I basically want to type in a string to search a raw capture within Linux vs GUI. How is this possible? What are all the commands (within reason)?

asked 17 May '13, 13:14

Vurcos
accept rate: 0%


One Answer:

0

You could try the following display filter:

frame contains "YourString"

either in the Wireshark GUI, or as the value of the parameter "-R" when running tshark, e.g. tshark -r "capturefile.pcap" -R "frame contains \"YourString\"".

If you use quotation marks within a filter on the command line you need to escape them with a backslash, as seen in the example.

answered 17 May '13, 17:00

Jasper ♦♦
accept rate: 18%
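
For hosts where tshark is not installed, the same case-sensitive byte search that `frame contains` performs can be done directly on a classic pcap file. This is an added example, not part of the original answer or of Wireshark; the function names and the sample capture are constructed for illustration, and pcapng files are not handled.

```python
import struct

# Classic pcap magic numbers as they appear on disk -> struct byte-order prefix
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def frames_containing(pcap_bytes, needle):
    """Return 1-based frame numbers whose captured bytes contain needle."""
    if isinstance(needle, str):
        needle = needle.encode()
    if len(pcap_bytes) < 24 or pcap_bytes[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    endian = PCAP_MAGICS[pcap_bytes[:4]]
    hits, offset, frame_no = [], 24, 0          # records start after the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        # Per-record header: ts_sec, ts_frac, captured length, original length
        _sec, _frac, incl_len, _orig = struct.unpack_from(endian + "IIII", pcap_bytes, offset)
        offset += 16
        data = pcap_bytes[offset:offset + incl_len]
        if len(data) < incl_len:
            break                                # final record was cut short
        offset += incl_len
        frame_no += 1
        if needle in data:                       # byte-exact, case-sensitive match
            hits.append(frame_no)
    return hits

def build_sample_pcap(payloads):
    """Build an in-memory little-endian pcap from constructed frame bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(payloads):
        out += struct.pack("<IIII", 1368800000 + i, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample frames (not real Ethernet traffic)
SAMPLE = build_sample_pcap([
    b"GET /index.html HTTP/1.1\r\n",
    b"POST /login YourString=1",
    b"yourstring in lower case",
    b"\x00\x01YourString\x02",
])

if __name__ == "__main__":
    print(frames_containing(SAMPLE, "YourString"))
```

On a real file, pass `open("capturefile.pcap", "rb").read()` as the first argument.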