tshark command working on windows but not working on Centos

asked 2020-05-01 11:32:32 +0000

manurag11 gravatar image

Hi, I am using below command to print data payload froma .pcap file. Command is working fine on windows 10 but not working on centos 7.6

tshark -r my.pcap -T fields -e http.file_data

Windos tshark version: 2.4.4 Centos tshark version 2.4.0

please help.

edit retag flag offensive close merge delete

Comments

And what does "not working" actually mean, no output, unexpected output or an error?

grahamb gravatar imagegrahamb ( 2020-05-01 12:00:58 +0000 )edit

There is no output though if i use tshark my.pcap -T fields -e http.file_data > my.txt cat my.txt | wc -l shows non zero number yet blank file

manurag11 gravatar imagemanurag11 ( 2020-05-01 12:10:33 +0000 )edit

So null fields.

grahamb gravatar imagegrahamb ( 2020-05-01 12:33:42 +0000 )edit

Possibly there are different preference settings on the two machines so they dissect the capture differently or there is a bug in 2.4.0 that's been fixed in 2.4.4.

grahamb gravatar imagegrahamb ( 2020-05-01 14:17:44 +0000 )edit

using 2.4.4 now, still same issue.

manurag11 gravatar imagemanurag11 ( 2020-05-04 04:56:29 +0000 )edit
see more comments