Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Ethereal-users: Re: [Ethereal-users] How to get text output from tethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 29 Mar 2005 15:48:41 -0800
Adam Ripka wrote:

I am trying to capture using tethereal and get a nice text file as output. I tried

tethereal -a duration:30 -f icmp -i (name of device) -n -T text -w "test.txt"

This worked out great except for the text part. I've tried this using ethereal i.e. I've captured and then exported to a text file and this worked out fine but using tethereal I get unreadable output.

Can anyone please help me? How can I get a nice little text file from the command line?

By not using "-w". "-w" writes a *BINARY* file in libpcap format, as that's what it's intended to do. If you don't specify "-w", Ethereal writes the results of packet decoding, in a format specified by the "-T" flag, with the default being "-T text"; to quote the man page:

 -T  Set the format of the output when viewing packet data.  The options
     are:


     pdml
         Packet Details Markup Language, an XML-based format for the
         details of a decoded packet.  This information is equivalent to
         the packet details printed with the -V flag.

     psml
         Packet Summary Markup Language, an XML-based format for the
         summary information of a decoded packet.  This information is
         equivalent to the information shown in the one-line summary
         printed by default.

     ps  PostScript for a human-readable one-line summary of each of the
         packets, or a multi-line view of the details of each of the
         packets, depending on whether the -V flag was specified.

     text
         Text of a human-readable one-line summary of each of the pack-
         ets, or a multi-line view of the details of each of the pack-
         ets, depending on whether the -V flag was specified.  This is
         the default.

This is written to the standard output. To write to a file, make a file the standard output:

  tethereal -a duration:30 -f icmp -i (name of device) -n > test.txt