Wireshark-users: [Wireshark-users] T-Shark capture filter question
: Steve Evans <sc_evans@xxxxxxxxx
: Wed, 31 Aug 2011 15:29:24 -0700 (PDT)
I'm trying to use T-shark to capture my Cisco wireless access point traffic in sniffer mode. In accordance I need to accept packets from UDP port 5555 and decode it as udp.port==5000,airopeek. Its easy enough to do in the gui but T-shark complains about my capture filter.
tshark -i 1 -f "udp.srcport == 5555" -b filesize:20480 -b files:2 -d udp.port==5000,airopeek -w wfn-sniffed.cap
In summary, I need to take packets from udp port 555 and decode them as udp 5000 airopeek, all using t-shark.