Tshark filter IP and Port + save in pcapng format
Hello I've to Write a simple script for sniffing packet exchange between a server (windows server) and a camera. I just offered them to use wireshark. But my customer insist to use script. so i wrote a batch file and it supposed to work with tshark. but it doesn't work correctly. here is my script:
tshark -D
set /p interface="Select The Interface: "
set /p IP="Type Camera IP Address: "
set /p Port="Type Camera Port Number: "
tshark -p -n -i %interface% -a duration:100 -Y "ip.dst==%IP% && (tcp.dstport==%Port% || udp.dstport==%Port%)" -w test.pcapng
I know the filters I'm using are display filters. but even without them I can not save in pcapng Format. also I tried tried -F pcapng and Script is running with administrator privileges . but it's not working. can anybody help me to fix this?! I apologize, my question is elementary but: How can I filter IP and Port in tshark, and save it to a pcapng file!? Conider i'm using it in windows. Any help is valuable for me.
Can you describe "what's not working"? An error, no saved capture file, capture file doesn't include expected traffic?
thanks grahamb. when I run above command, I get this: "tshark: Display filters aren't supported when capturing and saving the captured packets." And when I run it without filters, Nothing saves. Just a number increases on the console
I.e., you run a command such as
and, even though the number increases on the console (that's counting the number of packets it captures, which is also the number that it should have saved to the file), there are no packets in the test.pcapng file?