I'm trying to use T-shark to capture my Cisco wireless access point traffic in sniffer mode. In accordance I need to accept packets from UDP port 5555 and decode it as udp.port==5000,airopeek. Its easy enough to do in the gui but T-shark complains about my capture filter.
My filter:
tshark -i 1 -f "udp.srcport == 5555" -b filesize:20480 -b files:2 -d udp.port==5000,airopeek -w wfn-sniffed.cap
In summary, I need to take packets from udp port 555 and decode them as udp 5000 airopeek, all using t-shark.
/Steve
