Ask Your Question
0

Tshark - Notifications in the error file

asked 2018-02-18 14:20:17 +0000

avi gravatar image

updated 2018-02-19 11:08:52 +0000

grahamb gravatar image

Dear reader,

I’m using the Tshark from a command line.

My command is: tshark -i 4 -Y "ip.dst==172.17.231.50&&icmp" 1>c:\temp\a-out.txt 2>c:\temp\a-err.txt

In the a-err.txt file I’m getting the below notification while this file should only include errors:

Capturing on 'Intel(R) Ethernet Connection I217-LM'
7 packets captured

Is there any way to change the command line so the a-err.txt file will contain only error messages?

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2018-02-18 22:49:30 +0000

Guy Harris gravatar image

Try

tshark -Q -P -i 4 -Y "ip.dst==172.17.231.50&&icmp" 1>c:\temp\a-out.txt 2>c:\temp\a-err.txt

-Q should disable the two extra messages, but it also disables regular packet output; -P should force regular packet output to occur.

edit flag offensive delete link more

Comments

Thank you Guy Hurris. I tested this solution and the a-err contains only errors (if there are) and not notifications. Worked for me but only on one of three PCs I used it on. Is the -Q new? It didn't work on older wireshark versions I'm working with. They only accepted -q which has different function.

avi gravatar imageavi ( 2018-02-19 17:45:30 +0000 )edit

-Q was added to the source code repository at the end of 2012, so it should be supported by TShark 1.10.0 and later.

Guy Harris gravatar imageGuy Harris ( 2018-02-19 19:01:39 +0000 )edit

Dear reader,

Subject: -Q -P Tshark flags works fine for text but doesn't work for pcap

I used the following line for getting the results in text file and it works fine. No notification messages in the error channel.

C:\Program Files (x86)\Wireshark>"C:\Program Files (x86)\Wireshark\tshark.exe" -Q -P -i 4 -Y "ip.dst==172.17.231.50&&icmp" -V -S 5%%%5 > C:\temp\output.txt

When trying to get the results in a pcap file, I received notification messages in the error channel.

C:\Program Files (x86)\Wireshark>"C:\Program Files (x86)\Wireshark\dumpcap.exe" -i 4 -w - | "C:\Program Files (x86)\Wireshark\tshark.exe" -Q -P -r - -Y "ip.dst==172.17.231.50&&icmp" -w "C:\temp\output.pcap"

Trying to add –P –Q to the first part yielded an error message saying: “C:\Program Files (x86)\Wireshark\dumpcap.exe: invalid option ...(more)

avi gravatar imageavi ( 2018-03-06 12:44:57 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2018-02-18 14:20:17 +0000

Seen: 376 times

Last updated: Mar 06 '18