Ask Your Question
0

tshark packet counter disable

asked 2023-06-14 07:54:53 +0000

siduki gravatar image

updated 2023-06-14 15:30:08 +0000

cmaynard gravatar image

Hello. I use command "tshark -i eth1 > packet.log &" When I run this command, everything works normally, but here one annoying thing, on cli display runs counter, which counts packets. I this moment, when I write some command, it deletes from this counter, because it adds new packet count. In this time, command is write and can be used, but can not be seen, what is there typed. I'm interested, is this but or is there some option, whit I can disable this counter? Thank you.

tshark version - tshark -v
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 3.4.10 (Git commit 733b3a137c2b)

Copyright 1998-2021 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.68.4, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.17.1, without
Lua, with GnuTLS 3.7.6 and PKCS #11 support, with Gcrypt 1.10.0-unknown, with
MIT Kerberos, without MaxMind DB resolver, with nghttp2 1.43.0, without brotli,
without LZ4, with Zstandard, without Snappy, without libxml2.

Running on Linux 5.14.0-284.11.1.el9_2.x86_64, with 11th Gen Intel(R) Core(TM)
i7-1165G7 @ 2.80GHz (with SSE4.2), with 454 MB of physical memory, with locale
en_US.UTF-8, with libpcap version 1.10.0 (with TPACKET_V3), with GnuTLS 3.7.6,
with Gcrypt 1.10.0-unknown, with zlib 1.2.11, binary plugins supported (0
loaded).

Built using gcc 11.3.1 20221121 (Red Hat 11.3.1-4).
edit retag flag offensive close merge delete

Comments

Can you update question with output of tshark -v.

Chuckc gravatar imageChuckc ( 2023-06-14 14:30:11 +0000 )edit

The info:

tshark -v
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 3.4.10 (Git commit 733b3a137c2b)

Copyright 1998-2021 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.68.4, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.17.1, without
Lua, with GnuTLS 3.7.6 and PKCS #11 support, with Gcrypt 1.10.0-unknown, with
MIT Kerberos, without MaxMind DB resolver, with nghttp2 1.43.0, without brotli,
without LZ4, with Zstandard, without Snappy, without libxml2.

Running on Linux 5.14.0-284.11.1.el9_2 ...
(more)
siduki gravatar imagesiduki ( 2023-06-14 15:22:16 +0000 )edit
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2023-06-14 15:24:34 +0000

cmaynard gravatar image

From the tshark.c source code:

if (print_packet_counts) {
    /* We're printing packet counts. */
    if (packet_count != 0) {
        fprintf(stderr, "\r%u ", packet_count);
        /* stderr could be line buffered */
        fflush(stderr);
    }
}

Since the packet count is written to stderr, you should be able to redirect it to /dev/null to suppress it, e.g.:

tshark -i eth1 > packet.log 2> /dev/null &
edit flag offensive delete link more

Comments

Thank you. It works without &, with &, there is output something like this [7] 2040 and don't work in background.

siduki gravatar imagesiduki ( 2023-06-14 15:35:58 +0000 )edit

That's the process number of the background process being displayed. You should be able to suppress that using the instructions provided here: https://unix.stackexchange.com/questi...

For example:

( tshark -i eth1 > packet.log 2> /dev/null & ) > /dev/null 2>&1
cmaynard gravatar imagecmaynard ( 2023-06-14 16:42:56 +0000 )edit
add a comment
0

answered 2023-06-14 15:39:40 +0000

Jim Young gravatar image

The tshark man page documents the -Q and -P options. For example:

tshark -i en0 -Q -P > packet.log &

edit flag offensive delete link more

Comments

Yes, this works but as the man page for the -Q option indicates, "Only true errors are displayed on the standard error.", so it's possible that there could still be output printed to stderr in some cases. Overall, I do recommend using the -Q -P options, but it may still be useful to redirect stderr to /dev/null if you don't want to see any errors whatsoever.

Also, while I did look at both the -q and -Q options, I neglected to look at the -P option, despite it being right above these other two options. The -P option clearly indicates that output will be generated "... even if packet output is otherwise suppressed with -Q."; however, there is no similar indication in the description of the -Q option that the -P option will override it. I think it would be nice if the documentation for both the -Q ...(more)

cmaynard gravatar imagecmaynard ( 2023-06-14 16:38:11 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2023-06-14 07:54:53 +0000

Seen: 183 times

Last updated: Jun 14 '23

Related questions

tshark packet counter maximum value

Deduplication in tshark -T ek [closed]

filtering out protocol, sequence number, and ack using tshark

Using tshark filters to extract only interesting traffic from 12GB trace

Any way to use cmd tshark for a gns3 wire?

authority RRs tshark

can I install only tshark?

How do I change the interface on Tshark?

Tshark TCP stream assembly

Tshark output file problem, saving to csv or txt

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2