how to capture udp traffic with a length of 94

asked 2018-05-14

logn

updated 2018-05-14 10:16:54 +0000

grahamb

On Windows, when I try this code using PowerShell to create a pcap file and then get the unique IP addresses:

C:\Users\long> wireshark\tshark -i ethernet -a duration:60 -f "udp" -Y "frame.cap_len>=90 && frame.cap_len<=100" -w test3.pcap

It doesn't work. I don't know why. Can you help me? Thanks in advance.

answered 2018-05-14

grahamb

It doesn't work as per the error message reported:

tshark: Display filters aren't supported when capturing and saving the captured packets

You can convert the display filter part (-Y ...) to a capture filter:

wireshark\tshark -i ethernet -a duration:60 -f "udp and len>=90 and len <=100" -w test3.pcap

Note that if an answer has solved your issue, you should accept it for the benefit of others with the same query by clicking the checkmark next to it.

grahamb ( 2018-05-14 09:17:45 +0000 )
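
The two-pass workflow implied by the error message, as an added example that is not part of the original question or answer: capture with a capture filter only, then read the saved file back with the display filter and list the unique IP addresses. The tshark path, interface name and file name are the ones used in the question; the variable names are hypothetical.

```powershell
# Added example, not from the original thread.
# $tshark and $pcap are illustrative variable names; the values come from the question.
$tshark = 'wireshark\tshark'
$pcap   = 'test3.pcap'

# Pass 1: live capture. With -w, only a capture filter (-f, pcap-filter syntax)
# is accepted. "len" here is the packet length; it matches frame.cap_len as long
# as no snapshot length (-s) truncates the packets.
& $tshark -i ethernet -a duration:60 -f 'udp and len >= 90 and len <= 100' -w $pcap
if ($LASTEXITCODE -ne 0) {
    throw "tshark capture failed with exit code $LASTEXITCODE"
}

# Pass 2: read the saved file. Display filters (-Y) are allowed when reading with -r.
# -T fields prints the selected fields tab-separated, one packet per line.
$addresses = & $tshark -r $pcap `
        -Y 'udp && frame.cap_len >= 90 && frame.cap_len <= 100' `
        -T fields -e ip.src -e ip.dst |
    ForEach-Object { $_ -split "`t" } |   # split source and destination columns
    Where-Object   { $_ } |               # drop empty fields (e.g. non-IPv4 packets)
    Sort-Object -Unique

$addresses
```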

