i use "tshark -n -i8 -V -x > output.pcap" to write data in the file, when i open the file by wireshare, appear the error, how can I solve the error,thanks.
My wireshark version is 3.2.4 and OS is windows 10
To write a pcap file use the -w option, e.g.
tshark -n -i8 -F pcap w output.pcap
Note the -V and -xoptions have been removed as they are used for text output, not pcap output and the -F pcap option has been added to change the output file type to pcap instead of the default pcapng. If you're happy with pcapng, then you can omit the -F pcap option.
Without the -w option, TShark writes a text file containing information from dissecting the packet (the command in the question will write out packet details, in a fashion similar to what Wireshark shows in the packet details pane). Wireshark can't read those files.
use 'tshark -n -i8 -V -x -w output.pcap' the file can opend by wireshark, but it looks like the filesize is limited, the output file should about 4MB , but it always stop writing data when the filesize is 800KB, so i try to use '>' to write the data.
How are you stopping the capture or is there a message displayed that it was ended?
-a duration:60 i use this
tshark is making a call to dumpcap for capture.
Here is an example running for 10 seconds:
$ dumpcap.exe -i4 -a duration:10 -w output.pcap
Capturing on 'Ethernet'
File: output.pcap
Packets captured: 99
Packets received/dropped on interface 'Ethernet': 99/0 (pcap:0/dumpcap:0/flushed:0/ps_ifdrop:0) (100.0%)
If you run dumpcap.exe -i8 -a duration:60 -w output.pcap is the file size different?
in real scenario i use the command tshark -n -i8 -V -x -a duration:3600 -w output.pcap
and the filesize is 800KB
my test command is
tshark -n -i8 -V -x -a duration:600 -w output.pcap
and the filesize is 400KB, they are in a same server, maybe is the filesize limited, if use 60 second, the filesize is equals.
Comments