Wireshark-users: Re: [Wireshark-users] Howto: Wireshark from the command line

From: norman <norman_khine@xxxxxxxxxxx>
Date: Tue, 14 Nov 2006 19:27:38 +0000 (GMT)
Thanks for your reply.


Mike Savory <msavory@xxxxxxxxx> wrote:
Hi Norman

Read
man tshark
and
man tcpdump

-a
Specify a criterion that specifies when TShark is to stop writing to a capture file. The criterion is of the form test:value, where test is one of:

duration:value Stop writing to a capture file after value seconds have elapsed.


-w |-
Write raw packet data to outfile or to the standard output if outfile is '-'.

NOTE: -w provides raw packet data, not text. If you want text output you need to redirect stdout (e.g. using '>'), don't use the -w option for this.

host host
True if either the IPv4/v6 source or destination of the packet is host.


So try

tshark -a duration:5 -w packet.pcap host 192.168.1.5



Regards

Mike


On Nov 14, 2006, at 1:51 AM, norman wrote:

> Hello,
> I have set up Wireshark on my local network and wanted to examine
> all the traffic that was going out from the gateway or a specific
> IP (not the local machine) for a short period of time and output
> this in a file.
>
> How do you use it from the command line to get this?
>
> When I run
>
> #tshark -w capture.txt
>
> works, but how do I pass the time to run for, and specify the
> actual IP to look at, or even protocol?
>
> Many thanks
>
> Norman

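The two output modes from the man page note quoted above (raw packets with -w, text by redirecting stdout), as an added example that is not part of the original thread. The function names are hypothetical, the sample bytes in the comments are constructed, and the magic-number check assumes the capture file is libpcap or pcapng, which depends on the tshark version and options.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical.

# Raw capture: packets go to a binary capture file (-w) for DURATION seconds.
# -f passes the capture filter explicitly instead of as trailing arguments.
capture_raw() {   # usage: capture_raw DURATION HOST OUTFILE
    tshark -a "duration:$1" -w "$3" -f "host $2"
}

# Text capture: no -w; the decoded summary lines on stdout are redirected.
capture_text() {  # usage: capture_text DURATION HOST OUTFILE
    tshark -a "duration:$1" -f "host $2" > "$3"
}

# Read a raw capture back as text, one summary line per packet.
capture_to_text() {  # usage: capture_to_text CAPFILE TEXTFILE
    tshark -r "$1" > "$2"
}

# Classify a file by its first four bytes, so a raw capture that was given
# a misleading name (for example capture.txt) is recognised for what it is.
capture_kind() {  # usage: capture_kind FILE
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;           # libpcap, either byte order
        4d3cb2a1|a1b23c4d) echo pcap ;;           # libpcap, nanosecond stamps
        0a0d0d0a)          echo pcapng ;;         # pcapng section header block
        *)                 echo not-a-capture ;;  # text output or anything else
    esac
}
```

Running `capture_kind capture.txt` on the file from the original question would report a capture format rather than `not-a-capture`, because -w wrote raw packets despite the .txt name.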