
Wireshark-users: [Wireshark-users] tshark doesn't capture what wireshark does

From: José María Polvorosa Amor <jospolamo@xxxxxxxxxxx>
Date: Tue, 5 Feb 2008 13:21:49 +0000
Dear friend,

I need to use "tshark" because it's integrated in a C program that takes its output data and processes it.
The purpose of using tshark is to collect ftp and ftp-data packets in an ftp transfer (myServer->myPC).
But when I filter (read filter syntax) using "tshark -p -R ftp", tshark doesn't collect any data, or when it collects something, this data is incomplete or random, but it doesn't happen with wireshark (gui).
Tshark should collect all FTP data: REQUEST, Entering passive mode, Opening binary mode, all FTP-DATA (chopped file) and finally Transfer Complete. Wireshark does it.

Example:
--I transfer a file from myServer to myPC. Wireshark is sniffing on myPC.
1. Wireshark (gui) is sniffing at the same time. Then I filter packets to show only "ftp or ftp-data". Everything OK
2. Tshark is sniffing at the same time. Command: tshark -i eth0 -p -R "ftp or ftp-data". Sometimes it collects 1 packet, sometimes 4 packets, but always the first packets, never "FTP Response: Transfer complete", which is the last one in a correct transfer, or ftp-data that contains file data.

I also updated my Fedora 6 kernel (2.6.20-1.2962), but I don't know if that has an effect; all my modules work properly.
So, I would be pleased if someone could help me. Is it a problem with the kernel, or maybe the update modified wireshark? I changed the wireshark version, reinstalled a new one, and everything goes on the same. I'm a bit desperate.

Thank you all. Best regards
--------
Information from : wireshark -v
wireshark 0.99.3a

Copyright 1998-2006 Gerald Combs and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.2, with GLib 2.12.2, with libpcap 0.9.4,
with libz 1.2.3, with libpcre 6.6, with Net-SNMP 5.3.1, without ADNS,
without Lua.

Running with libpcap version 0.9.4 on Linux 2.6.20-1.2962.fc6.
--------

