Ask Your Question

Revision history [back]

A number of observations:

  1. Don't use sudo to run tshark\wireshark. Instead fix your capture permissions.
  2. As you aren't filtering, you don't actually need to use tshark, use the simpler dumpcap.
  3. Both dumpcap or tshark can accept multiple inputs (-i) but can only have one output (-w). You need to run multiple processes to write to different directories.
  4. To run multiple processes in bash, append an '&' to the process to put it in the background, e.g. dumpcap -i ens33 -b ... &.