This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to output wireshark captures to a new file ?

0

i am using linux and i'm trying through the command line to capture certain number of packets and save them to a pcap file in a certain directory, i used this command but something is wrong it's not being saved !

wireshark -f tcp -i eth1 -k -c 700 -w ~/dev/shm/new.pcap

any help?

asked 15 Jun '15, 10:21

yas1234's gravatar image

yas1234
16182023
accept rate: 0%

One Answer:

0

Please use dumpcap or tcpdump to capture frames on the CLI.

dumpcap -ni eth1 -c 700 -w ~/new.pcap -f "tcp"
tcpdump -ni eth1 -c 700 -w ~/new.pcap "tcp"

BTW: If you are using the capture filter "tcp" and there is no TCP traffic on eth1, you won't see anything!

Regards
Kurt

answered 15 Jun '15, 10:40

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%