Wireshark-users: Re: [Wireshark-users] Display dumpcap in real time

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Wed, 2 Nov 2011 07:07:58 +1100
If you want display, use tshark. Something like this should be what you want:-


marty@monga:~$ tshark -i eth1 -T fields -e frame.time -e ip.src -e ip.dst
Capturing on eth1
Nov  2, 2011 07:06:15.369463000 192.168.98.240 74.125.237.22
Nov  2, 2011 07:06:15.369598000 192.168.98.240 74.125.237.22
Nov  2, 2011 07:06:15.369707000 192.168.98.240 74.125.237.22
Nov  2, 2011 07:06:15.427435000 74.125.237.22 192.168.98.240
Nov  2, 2011 07:06:15.436255000 74.125.237.22 192.168.98.240


Regards, Martin

MartinVisser99@xxxxxxxxx


On 2 November 2011 06:22, Chip <jeffschips@xxxxxxxxx> wrote:
Hello All,

Question: when using dumpcap to write to a file, is there a switch for viewing the data on the monitor as it writes to file?

And alas, if I only want to capture the ip addresses of the two endpoints to the conversation along with timestamp, what would be the proper filter to use?

The man pages do not -- at least I cannot find -- a method to display to the monitor the results as they happen.

Thank you.
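
Added example, not part of the original thread: a Python filter that reads the output of the tshark command shown in the reply and groups packets into two-endpoint conversations with first and last timestamps. The function names and sample lines are constructed for illustration; it assumes tshark's default tab separator for -T fields and skips frames without IP addresses (such as ARP), which print empty columns.

```python
import sys

def parse_line(line):
    """Return (time, src, dst), or None for anything that is not an IP frame."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 3:          # banner text or a malformed line
        return None
    ts, src, dst = (p.strip() for p in parts)
    if not src or not dst:       # non-IP frame: ip.src / ip.dst are empty
        return None
    return ts, src, dst

def update(convs, line):
    """Fold one output line into the conversation table; return the record."""
    rec = parse_line(line)
    if rec is None:
        return None
    ts, src, dst = rec
    key = tuple(sorted((src, dst)))   # A->B and B->A are one conversation
    conv = convs.setdefault(key, {"packets": 0, "first": ts, "last": ts})
    conv["packets"] += 1
    conv["last"] = ts
    return rec

def summarize(lines):
    convs = {}
    for line in lines:
        update(convs, line)
    return convs

# Constructed sample in the same layout as the output in the reply.
SAMPLE = [
    "Capturing on eth1\n",
    "Nov  2, 2011 07:06:15.369463000\t192.168.98.240\t74.125.237.22\n",
    "Nov  2, 2011 07:06:15.369598000\t192.168.98.240\t74.125.237.22\n",
    "Nov  2, 2011 07:06:15.400000000\t\t\n",   # constructed ARP-like frame
    "Nov  2, 2011 07:06:15.427435000\t74.125.237.22\t192.168.98.240\n",
]

if __name__ == "__main__":
    # Live use: tshark -l -i eth1 -T fields -e frame.time -e ip.src -e ip.dst | python3 this_script.py
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    try:
        table = summarize(source)
    except KeyboardInterrupt:
        table = {}
    for (a, b), c in table.items():
        print(f"{a} <-> {b}  packets={c['packets']}  first={c['first']}  last={c['last']}")
```

The -l option in the usage comment makes tshark flush its output after each packet, so the pipe receives lines as they are captured.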