This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireshark commandline

0

When following command executed

wireshark -i \DEVICE\NPF_{42C75388-2A3B-4C42-B581-F1E7604B7255} -k -f port 80 -c 10

wireshark:You can't specify both a live capture and a capture file to be read.

Any reason for this message

asked 11 Jun '13, 20:44

krishnayeddula's gravatar image

krishnayeddula
629354148
accept rate: 6%

edited 11 Jun '13, 20:54

One Answer:
active answersoldest answersnewest answerspopular answers
2

You need to contain the capture filter in quotes:

wireshark -i \DEVICE\NPF_{42C75388-2A3B-4C42-B581-F1E7604B7255} -k -f "port 80" -c 10

permanent link

answered 11 Jun '13, 21:02

Quadratic's gravatar image

Quadratic
1.9k6928
accept rate: 13%

Thanks it worked but wireshark -i \DEVICE\NPF_{42C75388-2A3B-4C42-B581-F1E7604B7255} -k -f tcp -c 10 is working with out any quotes.

(11 Jun '13, 21:05) krishnayeddula

That one works without quotes because there is no space in it. If you have spaces, you need quotes to contain it otherwise it thinks "port" is your capture filter and it doesn't know what 80 is.

(11 Jun '13, 21:10) Quadratic
1

Another note, if you run tshark -D you will get a list of the configured adaptors ordered by "index" and that index number can be used in place of the \Device\NPF_{GUID} string, e.g. tshark -i 1 ...

(11 Jun '13, 23:44) grahamb ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×9

question asked: 11 Jun '13, 20:44

question was seen: 1,765 times

last updated: 11 Jun '13, 23:44

Related questions

How to create analysed statistics like wireshark at commandline (with tshark or ...)

Wireshark from the command line

Can I retrieve all the values for the same attribute name (Column name)?

Nmake All Errors - Invalid Numeric Argument / Missing Source Filename.

How do I capture packet?

Automating extraction of UDP payload from pcap file

Wireshark Command Line Dumpcap

Load capture file from command line, using wireshark.exe

about | faq | privacy | support | contact

p​o​w​e​r​e​d by O​S​Q​A