This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark change/choose outfile name

0

Hi, I was wondering if it's possible to chose the name of the output file of tshark. tshark automatically adds the timestamp to the name I give (e.g. "file"), but I would like to get rid of that and instead have just a number, like "file1", "file2", "file3", ... Is that possible? Thanks!

asked 13 Jul '15, 02:34

pat_celine's gravatar image

pat_celine
6112
accept rate: 0%

Can you provide the command? Default behavior of tshark output file names is not something like you said. Maybe you are using some extra options.

(14 Jul '15, 01:14) xmikro

Hi! Something like tshark -i 2 -a files:10 -b duration:300 -w "analysis\file.pcap" This outputs file_00001_20150714102556 as the first file (the last part is the timestamp). I'd like to get just file_0001, for example Thanks!

(14 Jul '15, 01:27) pat_celine

One Answer:

0

It is currently not possible to override the formatting of the file name. Either you have a static filename or you enable the "ringbuffer" mode. The exact (simple) format is defined source code of ringbuffer.c.

If you need a customizable output filename, please open a feature request at https://bugzilla.wireshark.org/.

answered 15 Jul '15, 13:00

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%