Ask Your Question
0

how can I stop capturing wireshark logs using tshark from the command line ?

asked 2019-10-16 06:32:07 +0000

updated 2019-10-16 09:38:01 +0000

grahamb gravatar image

I want to Start capturing wireshark logs using tshark from the command line and save it in a txt file:

tshark -T text >C:/Nokia/Capture.txt.

My question is: how can I stop it?

Can I put an argument to collect just for one minute?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2019-10-16 07:33:55 +0000

xinxolHH gravatar image

updated 2019-10-16 12:19:42 +0000

Please use the option, -a condition to stop, by time, or number of files, file size, example by time:

-a duration:time in seconds (60 seconds) -a duration:60

with a buffer for the files (desired) to stop the capture after a certain time. Text files will not be the best recommended option for saving the output, but pcap/pcapng as default standard file format, you may create a CSV file instead with tshark, or transform them later using editcap tool in other format Ex. editcap -F , look the info page

tshark -i 1 -b filesize:175000 -b files:526 -a duration:3600 -w I:\Wiresharklogs\output1.pcapng

also better with the dumpcap command, which is on your wireshark installation as well, tshark is calling dumpcap in any case

dumpcap -i 1 -b filesize:175000 -b files:526 -a duration:3600 -w I:\Wiresharklogs\output1.pcapng

for writting a CSV file with tshark look at this question

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-10-16 06:32:07 +0000

Seen: 422 times

Last updated: Oct 16 '19