This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Outputting a tshark command result to a window

Let's say the tshark command for converting a pcap file to a Windows .txt file is:

tshark -n -r "C:\Users\L33604\Desktop\SplunkWireshark\WiresharkPacketLogMonitor\SynFlood Sample.pcap" > "C:\Users\L33604\Desktop\SplunkWireshark\WiresharkPacketLogMonitor\capfile.txt"

The output is shown in the .txt file but not on the Windows cmd console.

How do I change the above tshark command such that it shows the same output from the .txt file on the console?

asked 01 May '12, 22:49

misteryuku

edited 02 May '12, 00:23

helloworld


3 Answers:

answered 01 May '12, 22:54

Kurt Knochner ♦

Do you mean that you want to see the output in the command console and at the same time written to a file?

If so, with PowerShell (available by default in Win 7), you can use the Tee-Object cmdlet to do that:

tshark "your tshark parameters" | Tee-Object "your text file"

Note that the text file will be in Unicode format but your Java programs should be able to handle that.

answered 01 May '12, 23:56

grahamb ♦

No, the cmd console only. I forgot to show my expected output. I would like to see the output below on the cmd console using tshark when converting the .pcap file:

1 0.000000 164.124.33.78 -> 192.168.0.1 TCP 54 35165 > 80 [SYN] Seq=0 Win=16384 Len=0

2 0.000001 38.198.26.9 -> 192.168.0.1 TCP 54 14378 > 80 [SYN] Seq=0 Win=16384 Len=0

3 0.000003 132.212.36.201 -> 192.168.0.1 TCP 54 31944 > 80 [SYN] Seq=0 Win=16384 Len=0

4 0.000005 76.196.6.157 -> 192.168.0.1 TCP 54 10404 > 80 [RST] Seq=1 Win=0 Len=0

....................................................

(02 May '12, 00:02) misteryuku

Your command is redirecting the tshark stdout to capfile.txt. If you removed the redirection, the output would print only to the console (as you require). That is, enter this:

tshark -n -r "C:\Users\L33604\Desktop\SplunkWireshark\WiresharkPacketLogMonitor\SynFlood Sample.pcap"

answered 02 May '12, 00:21

helloworld