Hello! I need capture traffic from 1500 hosts. I write this rule "host X.X.X.X or host X.X.X.X....... e.g.". When I try run capture with this rule I see "Error". I know that this rule is correct, because with lower count of hosts this rule accepted Wireshark and programm properly done. Sometimes big rules correct run/done. With tshark result the same like Wireshark. What can I do for correct working this rule? I want capture traffic with Wireshark and Tshark asked 11 Apr '15, 12:01  Aleksandr edited 11 Apr '15, 12:02 |
One Answer:
There was something else. Like "Coudn't find interface..." and some text in bad codepage. But early I wrote tshark -i 6 -b duration:14400 -B 50 -w D:\test.pcap "host 1.2.3.4 or host 2.3.4.5. or... e.g" and this version of rule I have this a problem. Now I writing with -f key tshark -i 6 -b duration:14400 -B 50 -w D:\test.pcap -f "host 1.2.3.4 or host 2.3.4.5. or... e.g" and this problem gone out. If this problem repeat with this key I will write here again. Thank you for your answers! answered 11 Apr '15, 23:26 Aleksandr edited 11 Apr '15, 23:28 |
"Error", but nothing else? Does Wireshark or TShark say what type of error it was?