Revision history [back]
On Windows you can use tshark (part of the Wireshark suite) to do mostly the same thing.
Some caveats;
- Windows doesn't support the
-i any
option to select all interfaces, instead you'll have to explicitly add the interfaces required with multiple-i
entries. Usetshark -D
to list the interfaces. - The
-I
option may or may not put WiFi interfaces into monitor mode. This is an issue with Windows WiFI NIC drivers. You may have to omit this option. - The
-t
option of tcpdump to suppress the timestamp isn't supported directly by tshark, so should be omitted. - The
-q
option of tcpdump to reduce the output isn't directly supported so should be omitted.
This gives a command line similar to:
path\to\tshark.exe -i x -i y -s 0 > C:\temp\log
where x and y are the interfaces you wish to capture on.
You may also use -T fields -e xxx -e yyy ...
to limit the output to fields as specified by multiple -e
options.
See the tshark man page for more info.
On Windows you can use tshark tcpdump (part of the Wireshark suite) to do mostly the same thing.
Some caveats;
- Windows doesn't support the
-i any
option to select all interfaces, instead you'll have to explicitly add the interfaces required with multiple-i
entries. Usetshark -D
to list the interfaces. - The
-I
option may or may not put WiFi interfaces into monitor mode. This is an issue with Windows WiFI NIC drivers. You may have to omit this option. - The
-t
option of tcpdump to suppress the timestamp isn't supported directly by tshark, so should be omitted. - The
-q
option of tcpdump to reduce the output isn't directly supported so should be omitted.
This gives a command line similar to:
path\to\tshark.exe -i x -i y -s 0 > C:\temp\log
where x and y are the interfaces you wish to capture on.
You may also use -T fields -e xxx -e yyy ...
to limit the output to fields as specified by multiple -e
options.
See the tshark man page for more info.