Can TShark be used without WireShark

0

I am interested in capturing traffic on our network from a range of devices as part of a device trial. The devices will not have wireshark installed on them. Is it possible to still capture data from these trial devices using TShark?

asked 10 Jan '12, 07:20

Mike4G's gravatar image

Mike4G
1111
accept rate: 0%

edited 26 Feb '12, 20:56

cmaynard's gravatar image

cmaynard ♦
3.2k51656

What do you mean by "capture data from these trial devices"? You can capture traffic from a device using Wireshark, or TShark, or tcpdump, or snoop, or..., without having Wireshark, or TShark, or tcpdump, or snoop, or... running on the device itself, as long as you're on the same network as the device.

(10 Jan '12, 12:35) Guy Harris ♦♦
One Answer:
oldestnewestmost voted
0

Yes, probably. But remember that you will still need to have installed the libpcap (or winpcap, depending of your target platform) device driver.

link

answered 10 Jan '12, 08:43

griff's gravatar image

griff
24537
accept rate: 28%

edited 10 Jan '12, 21:16

Fortunately, on most if not all UN*X platforms, there's no device driver to install - libpcap uses a mechanism built into the OS.

Windows is different - it requires a driver to connect NDIS to the WinPcap library. That driver is part of WinPcap.

(27 Feb '12, 14:01) Guy Harris ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×246
×225
×49
×1

Asked: 10 Jan '12, 07:20

Seen: 739 times

Last updated: 27 Feb '12, 14:01

Related questions

Packet capture and Apache logs do not agree - data discrepencies

Wireshark with Impinj readers

Dump raw packet 'data' field only?

Is it possible to change location for data storage for a capture?

tshark capture filter for len parameter

Is there any better way to dump data? (http)

tshark...can I do the following

Decapsulation of data

Capturing packets from Nokia E5 connected through USB

Measuring bandwidth without capture all data

about | faq | privacy | support | contact

powered by OSQA