Wireshark-users: Re: [Wireshark-users] Howto: Wireshark from the command line

From: Mike Savory <msavory@xxxxxxxxx>
Date: Tue, 14 Nov 2006 08:49:02 -0800
Hi Norman

Read
  man tshark
and
  man tcpdump

       -a  <capture autostop condition>
           Specify a criterion that specifies when TShark is to stop
           writing to a capture file. The criterion is of the form
           test:value, where test is one of:

           duration:value Stop writing to a capture file after value
           seconds have elapsed.


       -w  <outfile>|-
           Write raw packet data to outfile or to the standard output if
           outfile is '-'.

           NOTE: -w provides raw packet data, not text. If you want text
           output you need to redirect stdout (e.g. using '>'), don't use
           the -w option for this.

       host host
           True if either the IPv4/v6 source or destination of the
           packet is host.


So try

tshark -a duration:5 -w packet.pcap host 192.168.1.5



Regards

Mike


On Nov 14, 2006, at 1:51 AM, norman wrote:

Hello,
I have set up Wireshark on my local network and wanted to examine all the traffic that was going out from the gateway or a specific IP (not the local machine) for a short period of time and output this in a file.

How do you use it from the command line to get this?

When I run

#tshark -w capture.txt

it works, but how do I pass the time to run for, and specify the actual IP to look at, or even protocol?

Many thanks

Norman