Wireshark-users: Re: [Wireshark-users] format of output file



From: "Peter Valdemar Mørch (Lists)" <4ux6as402@xxxxxxxxxxxxxx>
Date: Thu, 09 Jul 2009 09:04:36 +0200

Guy Harris guy-at-alum.mit.edu |Lists| wrote:
>> How can I keep the ringbuffer functionality and have the files in text format?
>
> By modifying TShark to support such a feature; it currently doesn't support that.

Would it work for you to use the ringbuffer and keep the files in pcap format, and then when you need them, convert the pcap files to text files with:

cat file.pcap | tshark -i -

or even (bash syntax):

for f in *.pcap ; do
   cat "$f" | tshark -i - > "$f.txt"
done

?

Peter

--
Peter Valdemar Mørch
http://www.morch.com
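
An added example, not part of the original message: a batch version of the conversion suggested above that is safe to run while the ring-buffer capture is still active. It reads each file with `tshark -r` instead of piping through `cat`; the function name `convert_ring`, and the assumption that the most recently modified `.pcap` is the one still being written, are choices made for this example.

```bash
#!/bin/sh
# convert_ring DIR
# Decode every finished ring-buffer file in DIR to DIR/<name>.pcap.txt,
# keep the pcap files, and print how many files were converted.
convert_ring() (
    dir=$1
    newest=""
    count=0

    # Assumption: the most recently modified .pcap is the file the running
    # capture is still appending to, so it must not be decoded yet.
    for f in "$dir"/*.pcap; do
        [ -e "$f" ] || continue          # glob matched nothing
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done

    for f in "$dir"/*.pcap; do
        [ -e "$f" ] || continue
        if [ "$f" = "$newest" ]; then continue; fi

        # Already converted and the pcap has not changed since: skip.
        if [ -e "$f.txt" ] && [ ! "$f" -nt "$f.txt" ]; then continue; fi

        # Decode into a temporary name so that a failed or interrupted run
        # never leaves a truncated .txt that looks complete.
        if tshark -r "$f" > "$f.txt.tmp"; then
            mv "$f.txt.tmp" "$f.txt"
            count=$((count + 1))
        else
            rm -f "$f.txt.tmp"
            echo "failed to decode: $f" >&2
        fi
    done

    echo "$count"
)

# Run as a script: sh convert_ring.sh /path/to/capture/dir
if [ "$#" -gt 0 ]; then
    convert_ring "$1"
fi
```

Because already-converted files are skipped, the function can be run repeatedly (for example from cron) and only newly rotated files are decoded.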
