Wireshark · Wireshark-users: Re: [Wireshark-users] format of output file

Wireshark-users: Re: [Wireshark-users] format of output file

From: "Peter Valdemar Mørch (Lists)" <4ux6as402@xxxxxxxxxxxxxx>

Date: Thu, 09 Jul 2009 09:04:36 +0200

Guy Harris guy-at-alum.mit.edu |Lists| wrote:

How can keep the ringbuffer functionalty and have the files in textformat?
By modifying TShark to support such a feature; it currently doesn'tsupport that.

Would it work for you to use the ringbuffer and keep the files in pcapformat, and then when you need them, convert the pcap files to textfiles with:


cat file.pcap | tshark -i -

or even (bash syntax):

for f in *.pcap ; do
   cat $f | tshark -i - > $f.txt
done

?

Peter

--
Peter Valdemar Mï¿½rch
http://www.morch.com

References:
- [Wireshark-users] format of output file
  - From: Juan Perez
- Re: [Wireshark-users] format of output file
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] (no subject)
Next by Date: Re: [Wireshark-users] wireshark won't execute on vista
Previous by thread: Re: [Wireshark-users] format of output file
Next by thread: [Wireshark-users] IGMP compliance testing? [was: Script/Macro to set time reference?]
Index(es):
- Date
- Thread