Wireshark · Wireshark-users: Re: [Wireshark-users] Filter using command line

Wireshark-users: Re: [Wireshark-users] Filter using command line

From: "Nutkins, Thomas" <tom.nutkins@xxxxxxxxxxxxxxxxxxxxxx>

Date: Wed, 10 Mar 2010 20:12:17 +0100

This is the way I do it.....from a DOS prompt in Windows

“c:\Program Files\Wireshark\tshark.exe" -r 500MB_capture_file.cap -R "ip.addr==127.0.0.1" -w output_file_name.cap

Substitute 127.0.0.1 for your IP address.

Cheers,

Tom

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Boaz Galil
Sent: 10 March 2010 17:08
To: Community support list for Wireshark
Subject: [Wireshark-users] Filter using command line

Dear experts,

I have packet capture file that contains 500MB data.

I would like to filter specific traffic of specific IP address. Unfortunately when I open the wireshark GUI eventually the wireshark will crash (due to the fact that this is a big capture file).

I don’t want to split the file to smaller files, is it possible to do the filter using command line?

Thanks in advance,

--
Boaz.

References:
- [Wireshark-users] Filter using command line
  - From: Boaz Galil

Prev by Date: [Wireshark-users] Filter using command line
Next by Date: [Wireshark-users] Reduce frequency of digest mailings to daily?
Previous by thread: [Wireshark-users] Filter using command line
Next by thread: [Wireshark-users] Reduce frequency of digest mailings to daily?
Index(es):
- Date
- Thread