i am using linux and i'm trying through the command line to capture certain number of packets and save them to a pcap file in a certain directory, i used this command but something is wrong it's not being saved !
wireshark -f tcp -i eth1 -k -c 700 -w ~/dev/shm/new.pcap
asked 15 Jun '15, 10:21
Please use dumpcap or tcpdump to capture frames on the CLI.
BTW: If you are using the capture filter "tcp" and there is no TCP traffic on eth1, you won't see anything!
answered 15 Jun '15, 10:40
Kurt Knochner ♦