This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to capture multiple interface with tshark command with -i parameter at the same time?

0

how to capture multiple interface with tshark command with -i parameter at the same time? we have two interface: eth2 and eth3 , and we want to capture all of the messages in eth2 and eth3, how to do that with tshark CLI?

asked 09 Dec '15, 21:14

tayi's gravatar image

tayi
6112
accept rate: 0%

edited 10 Dec '15, 02:00

grahamb's gravatar image

grahamb ♦
19.8k330206


One Answer:

0

Determine your interface numbers with "tshark -D"

Example: eth2 = 1 and eth3=2

Use following syntax: C:>tshark -i 1 -i 2

answered 09 Dec '15, 22:04

Rooster_50's gravatar image

Rooster_50
23891218
accept rate: 15%

thanks, one more question, i used tshark -i eth2 -i eth3 before, but always some packages lost, what is the difference?

(10 Dec '15, 00:00) tayi

??? It's hard to say without seeing what you did. Could you have possibly not entered the adapter name exactly as it is on your machine?

(10 Dec '15, 18:29) Rooster_50

ne more question, i used tshark -i eth2 -i eth3 before, but always some packages lost, what is the difference?

There is no difference. The -D flag, and the ability to specify an interface by number as well as name, originally appeared in WinPcap, because network interface names are long ugly strings on NT 5 (Windows 2000) and later; tcpdump and Wireshark picked it up. -D is also useful on UN*Xes; the ability to specify an interface by number is less useful on UN*Xes, because the interface names are short and somewhat sensible names, such as eth0 or en0 or....

The packets being lost is a different matter; using interface numbers rather than names will not make any difference.

(11 Dec '15, 12:11) Guy Harris ♦♦