Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: [Wireshark-users] format of output file

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Juan Perez <jperezsip2008@xxxxxxxxx>
Date: Wed, 8 Jul 2009 11:43:53 -0700 (PDT)

hello

I am running tshark with the "a" and "b" flags to get a ring of 5 files, each of 100 KB of size.

tshark -i eth0 -w my-output-file -a filesize:100 -b files:5

That is working fine but I need to have the capture files in text format, not in pcap format, for easy parsing. This is the only explanation I have for the "w" flag

Output:
  -w <outfile|->           set the output filename (or '-' for stdout)

I tried using "-" but it spits the packets in weird characters to the screen.

How can keep the ringbuffer functionalty and have the files in text format?

cheers

jp
  • Follow-Ups:
    • Re: [Wireshark-users] format of output file
      • From: Guy Harris
  • Prev by Date: [Wireshark-users] WinPcap Remote
  • Next by Date: Re: [Wireshark-users] WinPcap Remote
  • Previous by thread: Re: [Wireshark-users] WinPcap Remote
  • Next by thread: Re: [Wireshark-users] format of output file
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation