Hello! I need capture traffic from 1500 hosts. I write this rule "host X.X.X.X or host X.X.X.X....... e.g.". When I try run capture with this rule I see "Error". I know that this rule is correct, because with lower count of hosts this rule accepted Wireshark and programm properly done. Sometimes big rules correct run/done. With tshark result the same like Wireshark.
What can I do for correct working this rule? I want capture traffic with Wireshark and Tshark
asked 11 Apr '15, 12:01
edited 11 Apr '15, 12:02
There was something else. Like "Coudn't find interface..." and some text in bad codepage. But early I wrote tshark -i 6 -b duration:14400 -B 50 -w D:\test.pcap "host 126.96.36.199 or host 188.8.131.52. or... e.g" and this version of rule I have this a problem. Now I writing with -f key tshark -i 6 -b duration:14400 -B 50 -w D:\test.pcap -f "host 184.108.40.206 or host 220.127.116.11. or... e.g" and this problem gone out. If this problem repeat with this key I will write here again. Thank you for your answers!
answered 11 Apr '15, 23:26
edited 11 Apr '15, 23:28