I want to Start capturing wireshark logs using tshark from the command line and save it in a txt file:
tshark -T text >C:/Nokia/Capture.txt.
My question is: how can I stop it?
Can I put an argument to collect just for one minute?
Please use the option, -a condition to stop, by time, or number of files, file size, example by time:
-a duration:time in seconds (60 seconds) -a duration:60
with a buffer for the files (desired) to stop the capture after a certain time. Text files will not be the best recommended option for saving the output, but pcap/pcapng as default standard file format, you may create a CSV file instead with tshark, or transform them later using editcap tool in other format Ex. editcap -F , look the info page
tshark -i 1 -b filesize:175000 -b files:526 -a duration:3600 -w I:\Wiresharklogs\output1.pcapng
also better with the dumpcap command, which is on your wireshark installation as well, tshark is calling dumpcap in any case
dumpcap -i 1 -b filesize:175000 -b files:526 -a duration:3600 -w I:\Wiresharklogs\output1.pcapng
for writting a CSV file with tshark look at this question
Comments