how to output wireshark captures to a new file ?


i am using linux and i'm trying through the command line to capture certain number of packets and save them to a pcap file in a certain directory, i used this command but something is wrong it's not being saved !

wireshark -f tcp -i eth1 -k -c 700 -w ~/dev/shm/new.pcap

any help?

Please use dumpcap or tcpdump to capture frames on the CLI.

dumpcap -ni eth1 -c 700 -w ~/new.pcap -f "tcp"
tcpdump -ni eth1 -c 700 -w ~/new.pcap "tcp"

BTW: If you are using the capture filter "tcp" and there is no TCP traffic on eth1, you won't see anything!


