This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, I was wondering if it's possible to chose the name of the output file of tshark. tshark automatically adds the timestamp to the name I give (e.g. "file"), but I would like to get rid of that and instead have just a number, like "file1", "file2", "file3", ... Is that possible? Thanks!

asked 13 Jul '15, 02:34

pat_celine's gravatar image

pat_celine
6112
accept rate: 0%

Can you provide the command? Default behavior of tshark output file names is not something like you said. Maybe you are using some extra options.

(14 Jul '15, 01:14) xmikro

Hi! Something like tshark -i 2 -a files:10 -b duration:300 -w "analysis\file.pcap" This outputs file_00001_20150714102556 as the first file (the last part is the timestamp). I'd like to get just file_0001, for example Thanks!

(14 Jul '15, 01:27) pat_celine

It is currently not possible to override the formatting of the file name. Either you have a static filename or you enable the "ringbuffer" mode. The exact (simple) format is defined source code of ringbuffer.c.

If you need a customizable output filename, please open a feature request at https://bugzilla.wireshark.org/.

permanent link

answered 15 Jul '15, 13:00

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×832
×34
×2

question asked: 13 Jul '15, 02:34

question was seen: 1,789 times

last updated: 15 Jul '15, 13:00

p​o​w​e​r​e​d by O​S​Q​A