Why do I get an error with this tshark command line on Windows?

hello, my OS is Windows 7. I logged in with my WLAN data:

tshark -i 2 -w C:\chat\capture.pcap tcp port 12345
Capturing on 'Drahtlosnetzwerkverbindung 3'
21

Now I want a conversation, the port data 18677 should be selected:

tshark -r C:\chat\capture.pcap -T fields -e data 'tcp.srcport==18677' > C:\chat\outbound2.txt
tshark: "'tcp.srcport==18677'" is neither a field nor a protocol name.

what am I doing wrong?

For a CMD shell use double quotes not single quotes around the display filter, e.g.

tshark -r C:\chat\capture.pcap -T fields -e data "tcp.srcport==18677" > C:\chat\outbound2.txt

23.8k

grahamb

answered 2019-02-26 19:28:29 +0000

edit flag offensive 0 remove flag delete link

Comments

thx, the capture.pcap file ist 100% ok. I see Port 12345 and 18677. I like killing 18677.

tshark -r C:\chat\capture.pcap -T fields -e data "tcp.srcport==18677" > C:\chat\outbound2.txt I do not get an error message. outbound2.txt the file is empty

My target is:`$ cat outbound2.txt

42494e58

0000000d

00000347

057573657231044f4e595800`

tomycat (2019-02-27 18:58:34 +0000) edit

It would seem that your capture doesn't have any packets that have a source port of 18677. Try using "tcp.port==18677" as a filter to see traffic to or from that port.

grahamb (2019-03-08 19:10:20 +0000) edit

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Why do I get an error with this tshark command line on Windows? edit

Comments

1 Answer

Comments