This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why isnt tshark responding to my command?

0

Hello,

I am trying to conduct OS fingerprint using tshark. I have created a capture, saved it to the desktop and named it testshark.pcap, here is the command that I am typing:

C:\Program Files\Wireshark>tshark -r "C:\Users\User 1\Desktop\testtshark tcp.flags.syn eq 1" - T fields -e ip.src -e ip.ttl -e tcp.window_size

and this is the error I am receiving: tshark: "-T" was unexpected in this context.

I have recently updated to Wireshark 2.0.2 and I am using a Windows 7 box. I have successfully done this in the past with an older version of wireshark, can someone please help?

Lee G

asked 07 Apr '16, 23:46

Lee_G's gravatar image

Lee_G
6114
accept rate: 0%

wikified 11 Apr '16, 05:35

One Answer:

0

You should try this C:\Program Files\Wireshark>tshark -r "C:\Users\User 1\Desktop\testtshark" -Y "tcp.flags.syn eq 1" - T fields -e ip.src -e ip.ttl -e tcp.window_size

answered 07 Apr '16, 23:52

Christian_R's gravatar image

Christian_R
1.8k2625
accept rate: 16%

As in, you borked the command line, which happens. One more detail: you may need to add ".pcap' to the filename as well.

(08 Apr '16, 01:10) Jaap ♦

What I can also see is the blank space between - and T which is likely to cause another issue.

(08 Apr '16, 01:51) sindy

Christian, your recommendation worked, you were right my syntax was flawed, Kudos to you sir! BTW, love your website, very informative.

(11 Apr '16, 05:41) Lee_G