tshark syntax error

asked 2018-09-12

cal516

I am working on an assignment and having trouble with the syntax. Below is the prompt and command I am using. I had to map to tshark then add the command.

C:\Windows\system32>"c:\Program Files\Wireshark\tshark" -x -n SYNscan.txt

Below is the error

Capturing on 'Npcap Loopback Adapter'
tshark: Invalid capture filter "SYNscan.txt" for interface 'Npcap Loopback Adapter'.

That string isn't a valid capture filter (syntax error in filter expression).
See the User's Guide for a description of the capture filter syntax.
0 packets captured
answered 2018-09-12

Do you want tshark to write the dissection to "SYNscan.txt"? If so, then you'll have to redirect the output, e.g.

C:\Windows\system32>"c:\Program Files\Wireshark\tshark" -x -n > SYNscan.txt

Any final argument supplied to tshark without an argument prefix is treated as a capture filter.

Note also that you won't be able to write to the current directory (C:\Windows\System32) unless you're running with elevated privileges, and you shouldn't be running tshark with elevated privileges.

Thank you for the response. I realized the error (no >) as soon as I read your response

cal516 ( 2018-09-12 15:59:42 +0000 )

grahamb ( 2018-09-12 16:31:30 +0000 )

