Thank you a lot !! I've found some useful options in tshark doc already (and came over with the "partually satisfying" comm line) but a real life expertise is much more appreciated and valuable! I used new developer's version of WireShark 1.1.0 and it took me 15 minutes to convert the cap file to a text format! that's why I have switched to tshark; also it is much more convinient to use tshark in overnight tests...which I am currently to write:)
Will continue using tshark!!!
--- On Wed, 24/9/08, j.snelders@xxxxxxxxxx <j.snelders@xxxxxxxxxx> wrote:
From: j.snelders@xxxxxxxxxx <j.snelders@xxxxxxxxxx>
Subject: Re: [Wireshark-users] Wireshark GUI in tshark
To: wireshark-users@xxxxxxxxxxxxx
Date: Wednesday, 24 September, 2008, 8:58 PM
On Tue, 23 Sep 2008 17:30:59 +0000 (GMT) NADEZHDA PLOTNIKOVA wrote:
> I would like to use tshark for my data capturing but so far used Wireshark
GUI only.
> so I need some advise on how to do the following (to start with, then
I'll
get the idea).
> Basically i need the script for the following:
> WireShark->Capture->Options
> Capture---
> Interface ? ethXX
> Link layer ? Ethernet
> Capture files----
> the directory and file name to put data in
> Stop capture----> After 20 sec
> Next is to press start;
Use tshark -D to print a list of interfaces
$ tshark -D
1. \Device\NPF_GenericDialupAdapter (Adapter for generic dialup and VPN
capture)
2. \Device\NPF_{059B8888-3D72-4D13-8BC4-7686E3569DDB} (Broadcom
NetXtreme
Gigabit Ethernet Driver (Microsoft's Packet Scheduler) )
3. \Device\NPF_{96F446AD-9709-45DA-95C6-1B92778311A5} (VMware Virtual
Ethernet
Adapter)
4. \Device\NPF_{CAA815AD-EB16-4186-8C1B-A04E324963AD} (VMware Virtual
Ethernet
Adapter)
$ tshark -i 2 -a duration:20 -w file.cap
-i 2 = select interface
-a duration:20 = stop after 20 seconds
-w file.cap = set the output filename
> Then my workload finished and I need to press stop button on main panel
on WireShark
> After that I need to convert file (or, if tshark supports text output -
that'd be fine!):
> WS->File->Export
> Browse and define NEW file name a-la oldFile.txt
> Packet range---
> All packets
> Packet format----
> Summary lane ON
> Packet details ON
> As displayed or expanded
> Packet bytes ON
$ tshark -r file.cap > file.txt
$ tshark -r file.cap -T text > file.txt
Output: summary lines
$ tshark -r file.cap -T text -V > file.txt
Output: packet details
$ tshark -r file.cap -T text -x > file.txt
Output: summary lines and packet bytes
$ tshark -r file.cap -T text -Vx > file.txt
Output: packet details and packet bytes
It's a bit strange. There are various ways to print the summary lines.
You can use the options -V and -x to add output of the packet details and
bytes.
In case of *-T text -x* the summary lines are printed.
In case of *-T text -Vx* the summary lines are not printed.
BTW I'm on version TShark 1.0.3 (SVN Rev 26134)
HTH
Joan
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users
|