Ask Your Question
0

Why do I get an error with this tshark command line on Windows?

asked 2019-02-26 19:20:07 +0000

tomycat gravatar image

updated 2019-02-26 22:27:23 +0000

Guy Harris gravatar image

hello, my OS is Windows 7. I logged in with my WLAN data:

tshark -i 2 -w C:\chat\capture.pcap tcp port 12345
Capturing on 'Drahtlosnetzwerkverbindung 3'
21

Now I want a conversation, the port data 18677 should be selected:

tshark -r C:\chat\capture.pcap -T fields -e data 'tcp.srcport==18677' > C:\chat\outbound2.txt
tshark: "'tcp.srcport==18677'" is neither a field nor a protocol name.

what am I doing wrong?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-02-26 19:28:29 +0000

grahamb gravatar image

For a CMD shell use double quotes not single quotes around the display filter, e.g.

tshark -r C:\chat\capture.pcap -T fields -e data "tcp.srcport==18677" > C:\chat\outbound2.txt
edit flag offensive delete link more

Comments

thx, the capture.pcap file ist 100% ok. I see Port 12345 and 18677. I like killing 18677.

tshark -r C:\chat\capture.pcap -T fields -e data "tcp.srcport==18677" > C:\chat\outbound2.txt I do not get an error message. outbound2.txt the file is empty

My target is:`$ cat outbound2.txt

42494e58

0000000d

00000347

00

057573657231044f4e595800`

tomycat gravatar imagetomycat ( 2019-02-27 18:58:34 +0000 )edit

It would seem that your capture doesn't have any packets that have a source port of 18677. Try using "tcp.port==18677" as a filter to see traffic to or from that port.

grahamb gravatar imagegrahamb ( 2019-03-08 19:10:20 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-02-26 19:20:07 +0000

Seen: 1,741 times

Last updated: Feb 27 '19

Related questions

tshark display filter auto suggestion

Wireshark 2.4.1 GTK Crash on long run

wifi disconnects as wireshark starts

Deduplication in tshark -T ek [closed]

filtering out protocol, sequence number, and ack using tshark

what determines the final windows scaling factor?

Using tshark filters to extract only interesting traffic from 12GB trace

Failed to run MSBuild command (CMake Error at CMakeLists.txt:22 (project))

No CMAKE_C(XX)_COMPILER could be found

I am having trouble with Wireshark starting using Windows 10.

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2