This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark -w issue

0

Hello,

I'm trying to capture traffic on a port that's pushing about 600Mbps and figured the command line with a duration and file limit would be easiest. When I use

tshark -i 1 -a files:10 -b duration:2 -w test

I get

tshark: The file to which the capture would be saved ("test") could not be opened: No such file or directory.

Any suggestions? I'm pretty new to this so any help is appreciated.

Thanks, X

asked 04 Nov '15, 14:41

Xero's gravatar image

Xero
6112
accept rate: 0%


One Answer:

0

Which directory are you running the command from? You must have write permission to that directory if you're to save files to it. If you don't, you could specify a fully-qualified path for the output filename to a directory that you do have write access to, and I'd also recommend appending a .pcapng extension to the test filename so that the file will be associated with Wireshark. I'd further recommend adding the Wireshark installation directory to your PATH environment variable and then simply running the command from a directory you do have permission to write to without having to specify long paths for either the tshark command or the output filename.

answered 04 Nov '15, 14:59

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

I'd expect to get "Permission denied" rather than "No such file or directory" - open({path}, O_CREAT|..., {mode}) shouldn't fail with ENOENT unless some directory leading up to the final component was missing, and, in this case, the path passed to open() should just be "test".

Something odd is going on here. (Perhaps all that's going on is "this is Windows", but there might be more to it.)

(04 Nov '15, 18:41) Guy Harris ♦♦