Hi,
You may be on the right track, unable to see why not from the limited
description of your requirements.
Still the output you desire is available if you take notice of the comment
on the -w option, found in the tshark man page:
-w <outfile>|-
Write raw packet data to outfile or to the standard output if outfile is '-'.
NOTE: -w provides raw packet data, not text. If you want text output
you need to redirect stdout (e.g. using '>'), don't use the -w option for
this.
Thanx,
Jaap
On Mon, 13 Nov 2006, Andrew Watson wrote:
> Hi,
>
> I know nothing about wireshark but I was advised to use it to check my webserver network traffic for a possible fault... the server is not local (it runs centos4) and I (having read a bit) found tshark and thought that that would probably be the way to go (although I could be wrong)./...
>
> I did manage to get tshark to output files but I then couldn't read them (although I was aiming for a text file output it didn't seem to be text). I was using variations of the following
>
> tshark -a duration:15 -T ps -w tsharkOP.txt
>
> My questionis how can I output a file that I can then read / inspect?
>
> Or should I be approaching this differently?
>
>
> Any help / guidance / advice much apprecciated.....
>
>
> Thanks
>
>
> Andy
>
>
