On Windows you can use tshark (part of the Wireshark suite) to do mostly the same thing.

Some caveats:

  • Windows doesn't support the -i any option to select all interfaces; instead you'll have to explicitly add the interfaces required with multiple -i entries. Use tshark -D to list the interfaces.
  • The -I option may or may not put WiFi interfaces into monitor mode. This is an issue with Windows WiFi NIC drivers. You may have to omit this option.
  • The -t option of tcpdump to suppress the timestamp isn't supported directly by tshark, so should be omitted.
  • The -q option of tcpdump to reduce the output isn't directly supported so should be omitted.

This gives a command line similar to:

path\to\tshark.exe -i x -i y -s 0 > C:\temp\log

where x and y are the interfaces you wish to capture on.

You may also use -T fields -e xxx -e yyy ... to limit the output to fields as specified by multiple -e options.

See the tshark man page for more info.
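
The steps above combined into one PowerShell script, as an added example that is not part of the original answer: it builds the repeated -i options from the tshark -D listing and writes selected fields to a file. The install path and the chosen -e fields are assumptions; only lines naming a \Device\NPF_ capture device are used, so the external capture helpers that tshark -D also lists are skipped.

```powershell
# Added example, not from the original answer.
# Assumed values: install path and field list. Output path is the one used in the answer.
$tshark  = 'C:\Program Files\Wireshark\tshark.exe'
$outFile = 'C:\temp\log'

# "tshark -D" prints one numbered line per interface, for example:
#   1. \Device\NPF_{GUID} (Ethernet)
#   7. sshdump.exe (SSH remote capture)
# Keep only real capture devices and emit "-i <index>" for each of them.
$ifaceArgs = & $tshark -D | ForEach-Object {
    if ($_ -match '^(\d+)\.\s+\\Device\\NPF_') {
        '-i'
        $Matches[1]
    }
}

if (-not $ifaceArgs) {
    throw 'tshark -D returned no \Device\NPF_ interfaces; check that Npcap is installed.'
}

# -s 0 captures full packets; -T fields with -e limits the output to the named fields.
$fieldArgs = @(
    '-T', 'fields',
    '-e', 'frame.number',
    '-e', 'ip.src',
    '-e', 'ip.dst',
    '-e', 'frame.protocols'
)

# Out-File with an explicit encoding avoids the UTF-16 output that ">" produces
# in Windows PowerShell 5.1. Stop the capture with Ctrl+C.
& $tshark @ifaceArgs -s 0 @fieldArgs | Out-File -FilePath $outFile -Encoding ascii
```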