tshark -b duration Question.

asked 2020-01-14 09:26:12 +0000

lily

I have a bash script that uses the tshark command. When I use the tshark -b filesize option, all the script lines run well. But when I use the tshark -b duration option, the capture works well but the script lines stop.

What is the problem?


Please add version info - tshark -v
Can you share the bash script or the part that accesses the files?

bubbasnmp ( 2020-01-14 16:54:43 +0000 )
  1. version is 3.1.1
  2. bash script is below.

    printf "start packet capturing\n\n"

    # loop condition: run the capture and echo whatever it prints
    while echo `~/wireshark/build/run/tshark -nni ens33 -T ek -b duration:10 -w /var/packets/test.pcap`; do

        shopt -s nullglob
        for filename in /var/packets/*.pcap; do
            # characters 25-32 of the path become the folder name
            foldername=$(echo "$filename" | awk '{print (substr($0, 25, 8));}');
            mkdir -p /var/packets/"$foldername"
            #sleep 30s
            # convert the capture file to JSON, then file both away
            echo `~/wireshark/build/run/tshark -r "$filename" -T ek > "$filename".json`
            mv "$filename" /var/packets/"$foldername"
            mv "$filename".json /var/Json
            echo "$filename $foldername" ;
        done
    done


lily ( 2020-01-15 02:23:10 +0000 )

You may have a 10-second time period to do the capture and then stop; is this what you meant by "the script lines are stopped"? -b duration:10 will make tshark stop after 10 seconds. So your initial condition is not valid after 10 seconds in your while loop; you may need to also add -b duration:10 -b filesize:XY -b files:100 in order to get a file buffer with XY size (in Kb) and 100 files, for example. Do I understand it correctly? Please elaborate.

xinxolHH ( 2020-01-15 10:51:46 +0000 )

It doesn't work.

lily ( 2020-01-16 02:16:34 +0000 )
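
An added example (not code from any poster in this thread or from the Wireshark project) of handling the ring-buffer files while the capture keeps running: it skips the newest file, which tshark may still be writing, and takes the date folder from the file name rather than a fixed character offset. It assumes tshark was started separately in the background and names files `<prefix>_<NNNNN>_<YYYYMMDDHHMMSS>.pcap`; the function names and the `TSHARK` override variable are hypothetical.

```bash
#!/bin/sh
# Added example. Assumed setup (not run here): the capture runs in the background,
#   tshark -ni ens33 -b duration:10 -w /var/packets/test.pcap &
# and a loop calls process_completed /var/packets /var/Json every few seconds.

# Print the YYYYMMDD part of a ring-buffer file name; fail if it has no timestamp.
capture_date() {
    stamp=${1##*/}          # drop the directory
    stamp=${stamp%.pcap}    # drop the extension
    stamp=${stamp##*_}      # keep the text after the last underscore
    case $stamp in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#stamp}" -eq 14 ] || return 1
    printf '%s\n' "$stamp" | cut -c1-8
}

# List every *.pcap directly in a directory except the last one by name.
# Assumption: names sort in capture order (the sequence number has not wrapped),
# so the last name is the file the running capture may still have open.
completed_captures() (
    set -- "$1"/*.pcap
    [ -e "$1" ] || exit 0   # the glob matched nothing
    while [ "$#" -gt 1 ]; do
        printf '%s\n' "$1"
        shift
    done
)

# Export each completed capture to JSON, then move it into <dir>/<YYYYMMDD>/.
# TSHARK may point at another binary, e.g. ~/wireshark/build/run/tshark.
process_completed() {
    dir=$1
    json_dir=$2
    completed_captures "$dir" | while IFS= read -r f; do
        day=$(capture_date "$f") || continue   # not a ring-buffer file name
        mkdir -p "$dir/$day" "$json_dir"
        "${TSHARK:-tshark}" -r "$f" -T ek > "$json_dir/${f##*/}.json" &&
            mv "$f" "$dir/$day/"
    done
}
```
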