This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

use tshark to write output to .log file for realtime review


Folks, I am trying to leverage tshark to write output in plain text to a log file (.log), so I can review with a log viewer from another machine. My Wireshark machine does not have a GUI, which is no big deal since I can use tshark.

I have already learned how to limit pcap output by time and filesize, but I need something that will write until stopped. I need the default data that is shown in a normal GUI dump, but I need to track via the .log file for an extended period of time.

Thanks.

asked 10 Feb '12, 07:31

jaz0nj4ckal

retagged 10 Feb '12, 09:24

bstn


One Answer:


Although I don't recommend doing this for long captures (it's inefficient and you'll quickly run out of disk space in this case), you can use the -V flag with file redirection:

tshark {options} -V > text.log

A more suitable alternative (esp. for long captures) is to use dumpcap to capture to a pcap file, and then later use tshark to view the pcap (and you can still redirect tshark's output to a log file as indicated above).

answered 10 Feb '12, 09:22

bstn

Thanks so much!!!

(10 Feb '12, 11:02) jaz0nj4ckal
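
The dumpcap-then-tshark approach from the answer above, as an added example that is not part of the original thread: dumpcap writes a size-bounded ring buffer, and a second function renders each finished capture file to a text log once. The directory paths, the eth0 default, the ring sizes and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Paths, interface and ring
# sizes below are assumptions; adjust them for the capture host.
CAP_DIR=${CAP_DIR:-/var/tmp/cap}      # where dumpcap writes pcap files
LOG_DIR=${LOG_DIR:-/var/tmp/caplog}   # where rendered text logs go
TSHARK=${TSHARK:-tshark}

# Ring-buffer capture: 10 files of about 100 MB each (filesize is in kB).
# The oldest file is overwritten, so disk use stays bounded for long runs.
start_capture() {
    mkdir -p "$CAP_DIR"
    dumpcap -i "${1:-eth0}" -b filesize:102400 -b files:10 \
        -w "$CAP_DIR/trace.pcap"
}

# Render every completed capture file to text exactly once and print how
# many files were rendered. The newest file is skipped because dumpcap is
# still writing to it.
render_completed() {
    mkdir -p "$LOG_DIR"
    newest=$(ls -t "$CAP_DIR"/*.pcap 2>/dev/null | head -n 1)
    rendered=0
    for f in "$CAP_DIR"/*.pcap; do
        [ -e "$f" ] || continue               # glob matched nothing
        [ "$f" = "$newest" ] && continue      # still being written
        out="$LOG_DIR/$(basename "$f" .pcap).log"
        [ -s "$out" ] && continue             # already rendered
        # Write to a temp name first so a log viewer never sees a partial file.
        if "$TSHARK" -r "$f" -V > "$out.tmp"; then
            mv "$out.tmp" "$out"
            rendered=$((rendered + 1))
        else
            rm -f "$out.tmp"
        fi
    done
    echo "$rendered"
}

# Typical use: run `start_capture eth0 &` once, then call render_completed
# periodically (for example from cron) and point the log viewer at $LOG_DIR.
```
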