I am not sure where I need to go to find the answer to my question. So if there is a link I missed please let me know. I don't mind trying to figure it out. But will gladly accept an answer too.

I am trying to save the output of this command to a CSV file preferably. Saving straight to the CSV is ideal as opening a pcap file and converting regularly does not sound fun either.

The command I am trying to replicate is: tshark -i wlan1 subtype probereq

I have tried using command tshark -i wlan1 subtype probereq -V >testout.txt

asked 09 Jan '16, 19:55 thegeneral
edited 09 Jan '16, 21:03 Guy Harris ♦♦
One Answer:
I assume from
that you want the columns that There's not a simple way to do that directly, but you can ask TShark to print various values from the packet with commas between them. If you want the standard set of columns, you could, at least with newer versions of Wireshark, do
answered 09 Jan '16, 20:59 Guy Harris ♦♦
edited 10 Jan '16, 00:40
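The approach this answer describes, as an added example that is not part of the original thread: TShark's field output with a comma separator, redirected to a file rather than written with -w. The field list and the TSHARK override variable are assumptions chosen for illustration; `tshark -G fields` lists the field names your version supports.

```shell
#!/bin/sh
# Added example (not from the thread): print selected fields of 802.11
# probe requests as CSV on stdout.
#
# Assumptions: the field names below (older releases call the SSID field
# wlan_mgt.ssid) and the TSHARK variable, a hypothetical hook that lets
# the command line be inspected without starting a capture.

probe_csv() {
    iface=$1
    # -T fields          print only the fields named with -e
    # -E header=y        first line carries the column names
    # -E separator=,     comma between values
    # -E quote=d         double-quote values, so an SSID with a comma is safe
    # -E occurrence=f    first occurrence only when a field repeats
    # -l                 flush after each packet so the file grows live
    # No -w here: -w writes raw pcap/pcapng data, never text.
    "${TSHARK:-tshark}" -i "$iface" -l -T fields \
        -E header=y -E separator=, -E quote=d -E occurrence=f \
        -e frame.time_epoch \
        -e wlan.sa \
        -e wlan.ssid \
        -e radiotap.dbm_antsignal \
        subtype probereq
}

# Usage: sh probe_csv.sh wlan1 probes.csv
# The CSV comes from redirecting stdout, as with any other text output.
if [ "$#" -eq 2 ]; then
    probe_csv "$1" > "$2"
fi
```

Running it with `TSHARK=echo` prints the assembled command line instead of capturing, which is a quick way to check the options before using a real interface.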
Thank you for the help. This is getting the results I am looking for. But now the issue is writing those results to a file.
When I add -w testfile.txt it just prints to screen but nothing in the file. Same with -w -v >testfile.txt
Any advice on writing the results to a capture file?
-w specifies to what file the raw captured data should be written. It is always an error to use -w with a file whose name ends in .txt, because TShark (and dumpcap, and tcpdump) do not write out raw captures as text.

If you don't need the raw packet file (to read later with Wireshark or tcpdump or some other program that can read pcap or pcapng files), then don't specify -w at all, just run tshark with the output redirected to the file, and no -w: