ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-users: Re: [Ethereal-users] Tethereal -w flag

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 28 Jun 2002 02:56:11 -0700
On Wed, Jun 26, 2002 at 05:58:01PM +0000, Jennifer Tso wrote (in HTML;
please don't send HTML-only mail to the Ethereal mailing lists, as not
everybody on the list uses mail readers that handle HTML mail
conveniently):

> I am trying to get the ouput that tethereal gives to go to a file.  The
> command I use to generate output is:
> 
> tethereal -i \Device\Packet{...}
> 
> This outputs the information to the screen.  I need it to go to a file. 
> So I tried:
> 
> tethereal -i \Device\Packet{...} -w test.txt
> 
> This generates an empty file named test.txt.

Tethereal, by default, loops forever; to stop a capture, you have to
type control-C.  The output file will not necessarily contain anything
until you interrupt Tethereal with a control-C.

In addition, there is a bug in Tethereal that causes it to terminate
abnormally when you interrupt it with a control-C, so you might not even
get anything in the output file if you *do* type control-C.  I've just
checked in a fix for that, which will be in the next Ethereal release.

However, if you do

	tethereal -i \Device\Packet{...} -w test.txt

it will *NOT* write to the file the same text that it would print to the
screen if you run it with

	tethereal -i \Device\Packet{...}

In fact, it will not write text at all - instead, it will write a
*binary* file containing time stamps for the packets, packet sizes, and
raw data for the packets.  That file can be read by Tethereal with the
"-r" flag, with Ethereal, with WinDump, and with other programs that can
read tcpdump/WinDump output.

If you want to get *text output* to a file, you should do

	tethereal -i \Device\Packet{...} > test.txt

However:

> I thought the output is
> suppose to go to this file.  Am I doing something wrong? I tried to get
> around the whole thing by trying:
> 
> tethereal -i \Device\Packet{...} > test.txt
> 
> But it seems that tethereal does not send output to stdout.  So that
> didn't work either.  Does anyone have any suggestions?

It *does*, if run without the "-w" flag, send output to the standard
output.  However, the same problems I mentioned earlier, namely that

	1) it will loop forever, so you have to terminate it with
	   control-C

and

	2) it'll terminate abnormally when you use control-C, so it may
	   not write anything

apply in that case as well; you'd have to wait for the next release for
the fix to that problem.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube