Revision history

initial version

> I want the stream to be posted to a text file

Do you mean output of the form you get by running "tshark -V" or by saving dissections as text from Wireshark? If so, then...

> I have had a lot of trouble finding the file(s) that contain the process of posting each discovered packet

...that's because there is no such file. The raw packet data is either in the file you're reading or in the file that Wireshark or TShark runs its "dumpcap" program to produce and that it reads as new packets arrive in it, but it contains raw binary packet data, not anything even remotely human-readable as network traffic (unless you're the sort of person who sees "08 00" and says "OK, that's an Ethernet type for IPv4" or sees "45" and says "OK, that's the first byte of an IPv4 header" :-)).

TShark will write text containing that to the standard output - it will give one-line summaries of packets, similar to what's in the packet list pane, by default, and will give the details, similar to what's in the packet detail pane, if you pass it the "-V" flag - if you don't save to a file with the "-w" flag or if you do save to a file with the "-w" flag but you also give it the "-P" flag. To save that to a file, redirect TShark's standard output.

Wireshark will write that text if you use the Export Packet Dissections > As Plain Text... menu item and specify what parts of the dissection to write out.
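To make the gap between the raw capture bytes and the text output concrete, here is an added example (not part of the original answer and not Wireshark's code) that decodes only the Ethernet and IPv4 headers of one frame into a one-line summary and a detail listing. The frame bytes are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import struct

# Constructed sample frame: Ethernet II header, 20-byte IPv4 header, 4 payload bytes.
FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"   # dst MAC, src MAC, EtherType "08 00"
    "45000018" "00004000" "4006" "0000"    # "45" = version 4, IHL 5; length 24; TTL 64; proto 6
    "c0000201" "c6336407"                  # 192.0.2.1 -> 198.51.100.7
    "deadbeef"                             # payload, not decoded here
)
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def dissect(frame):
    """Decode the Ethernet and IPv4 headers into named fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    fields = {"eth.dst": mac(frame[0:6]), "eth.src": mac(frame[6:12]),
              "eth.type": f"0x{ethertype:04x}"}
    if ethertype != 0x0800:                # only IPv4 is decoded further
        return fields
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    hdr_len = (ip[0] & 0x0F) * 4           # IHL counts 32-bit words
    if hdr_len < 20 or len(ip) < hdr_len:
        raise ValueError("bad IPv4 header length")
    fields.update({
        "ip.hdr_len": hdr_len,
        "ip.len": struct.unpack("!H", ip[2:4])[0],
        "ip.ttl": ip[8],
        "ip.proto": ip[9],
        "ip.src": str(ipaddress.IPv4Address(ip[12:16])),
        "ip.dst": str(ipaddress.IPv4Address(ip[16:20])),
    })
    return fields

def summary(frame):
    """One line per packet, in the spirit of the packet list pane."""
    f = dissect(frame)
    if "ip.src" not in f:
        return f"{f['eth.src']} -> {f['eth.dst']} ethertype {f['eth.type']}"
    proto = PROTO_NAMES.get(f["ip.proto"], str(f["ip.proto"]))
    return f"{f['ip.src']} -> {f['ip.dst']} {proto} len={f['ip.len']}"

def details(frame):
    """One field per line, in the spirit of the detail view."""
    return "\n".join(f"{k}: {v}" for k, v in dissect(frame).items())

if __name__ == "__main__":
    print(summary(FRAME))
    print(details(FRAME))
```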