Using tshark to capture and Read filter at the same time

tshark
wireshark

asked 2018-04-24 05:38:33 +0000

h4harshith
1 ●1 ●1 ●1

Is it possible to use tshark to capture and Read the filter at the same time

To Read, i use the below command line

tshark -i any -R "<any protocol="">" ex: tshark -i any -R "dns"

To Write into a capture file

tshark -i any -w "dns.pcap"

I am not able to combine them both into one as i get below error

tshark: -R without -2 is deprecated. For single-pass filtering use -Y. tshark: Read filters aren't supported when capturing and saving the captured packets.

Is there any better ways to try this to minimize my effort of Running two different command?

edit retag flag offensive close merge delete

add a comment

Be the first one to answer this question!

Please start posting anonymously - your entry will be published after you log in or create a new account.

Using tshark to capture and Read filter at the same time

Be the first one to answer this question!

Question Tools

Stats

Related questions

Using tshark to capture and Read filter at the same time edit

Be the first one to answer this question!

Question Tools

Stats

Related questions

Using tshark to capture and Read filter at the same time