This is a static archive of our old Q&A Site. Please post any new questions and answers at

how to output wireshark captures to a new file ?


i am using linux and i'm trying through the command line to capture certain number of packets and save them to a pcap file in a certain directory, i used this command but something is wrong it's not being saved !

wireshark -f tcp -i eth1 -k -c 700 -w ~/dev/shm/new.pcap

any help?

asked 15 Jun '15, 10:21

yas1234's gravatar image

accept rate: 0%

One Answer:


Please use dumpcap or tcpdump to capture frames on the CLI.

dumpcap -ni eth1 -c 700 -w ~/new.pcap -f "tcp"
tcpdump -ni eth1 -c 700 -w ~/new.pcap "tcp"

BTW: If you are using the capture filter "tcp" and there is no TCP traffic on eth1, you won't see anything!


answered 15 Jun '15, 10:40

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%