On Wed, 9 Jul 2008 16:42:30 +0530 Arnab Ganguly wrote:
>1)What is the difference between tshark and wireshark?
The GUI.
>2)What is the command line option to monitor tcp packet transmission
>on a particular port.I tried the following option
>tshark -d tcp.port==8111,http > capture2
> but it was montoring tcp packets for other ports as well.
$ tshark -D
You can use this option to see what interfaces are available.
$ tshark -i 3 -f "tcp port 1237" -w test1.cap
-i 3
The number of the interface on which you want to capture.
-f "tcp port 1237"
Capture filter. All the traffic to or from port 1237 will be captured.
You can use || to capture to/from multiple ports:
p.e. "tcp port 1237 || tcp port 1238"
-w test1.cap
Output file
You can take a look at the man pages for more information:
http://www.wireshark.org/docs/man-pages/tshark.html.
Grtz
Joan