1 | initial version |
On Windows you can use tcpdump (part of the Wireshark suite) to do mostly the same thing.
Some caveats:
* There is no -i any option to select all interfaces; instead you'll have to explicitly add the interfaces required with multiple -i entries. Use tshark -D to list the interfaces.
* The -I option may or may not put WiFi interfaces into monitor mode. This is an issue with Windows WiFi NIC drivers. You may have to omit this option.
* The -t option of tcpdump to suppress the timestamp isn't supported directly by tshark, so should be omitted.
* The -q option of tcpdump to reduce the output isn't directly supported, so should be omitted.
This gives a command line similar to:
path\to\tshark.exe -i x -i y -s 0 > C:\temp\log
where x and y are the interfaces you wish to capture on.
You may also use -T fields -e xxx -e yyy ... to limit the output to fields as specified by multiple -e options.
See the tshark man page for more info.
2 | No.2 Revision |
On Windows you can use tshark (part of the Wireshark suite) to do mostly the same thing.
Some caveats:
* There is no -i any option to select all interfaces; instead you'll have to explicitly add the interfaces required with multiple -i entries. Use tshark -D to list the interfaces.
* The -I option may or may not put WiFi interfaces into monitor mode. This is an issue with Windows WiFi NIC drivers. You may have to omit this option.
* The -t option of tcpdump to suppress the timestamp isn't supported directly by tshark, so should be omitted.
* The -q option of tcpdump to reduce the output isn't directly supported, so should be omitted.
This gives a command line similar to:
path\to\tshark.exe -i x -i y -s 0 > C:\temp\log
where x and y are the interfaces you wish to capture on.
You may also use -T fields -e xxx -e yyy ... to limit the output to fields as specified by multiple -e options.
See the tshark man page for more info.
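The steps in the answer above (list the interfaces with tshark -D, then pass each one with its own -i) as a PowerShell sketch. This is an added example, not part of the original answer. Assumptions: the install path, the output file, the three -e field names, and that capture interfaces appear in the -D listing as "N. \Device\NPF_... (name)"; the sample listing is constructed and is used only when tshark.exe is not found.

```powershell
# Assumed install path; adjust to where Wireshark is installed.
$tshark = 'C:\Program Files\Wireshark\tshark.exe'

# Constructed sample of a `tshark -D` listing (GUIDs are made up).
$sample = @(
    '1. \Device\NPF_{11111111-2222-3333-4444-555555555555} (Ethernet)'
    '2. \Device\NPF_{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Wi-Fi)'
    '3. \Device\NPF_Loopback (Adapter for loopback traffic capture)'
    '4. etwdump (Event Tracing for Windows (ETW) reader)'
)

function Get-CaptureInterfaceArgs {
    param([string[]]$Listing)
    # Keep only packet-capture devices; entries such as etwdump are
    # helper tools that need their own configuration, so skip them.
    foreach ($line in $Listing) {
        if ($line -match '^\s*(\d+)\.\s+\\Device\\NPF_') {
            '-i'          # one -i per interface replaces tcpdump's "-i any"
            $Matches[1]   # tshark accepts the index printed by -D
        }
    }
}

$haveTshark = Test-Path $tshark
$listing = if ($haveTshark) { & $tshark -D } else { $sample }
$ifArgs  = @(Get-CaptureInterfaceArgs -Listing $listing)

if ($ifArgs.Count -eq 0) {
    throw 'No capture interfaces found in the tshark -D listing.'
}

# -s 0 as in the answer; -T fields / -e limit the output to chosen fields.
$fieldArgs = '-T', 'fields', '-e', 'frame.time', '-e', 'ip.src', '-e', 'ip.dst'
$allArgs   = $ifArgs + @('-s', '0') + $fieldArgs

if ($haveTshark) {
    & $tshark @allArgs > C:\temp\log      # runs until stopped with Ctrl+C
} else {
    # No tshark here: show the command line that would be run.
    "tshark.exe $($allArgs -join ' ')"
}
```

With the constructed listing the script prints a command line with -i 1 -i 2 -i 3 and leaves out the etwdump entry.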