Ask Your Question

Revision history [back]

A number of observations:

  1. Don't use sudo to run tshark\wireshark. Instead fix your capture permissions.
  2. As you aren't filtering, you don't actually need to use tshark, use the simpler dumpcap.
  3. Both dumpcap or tshark can accept multiple inputs (-i) but can only have one output (-w). You need to run multiple processes to write to different directories.
  4. To run multiple processes in bash, append an '&' to the process to put it in the background, e.g. dumpcap -i ens33 -b ... &.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2