How to make an IP filter in tshark?
I need to implement an IP filter in tshark but I get a syntax error, and I cannot find any example. Please give me an example of how to filter the IP traffic coming from or destined for a specific IP.
Do you want a capture filter or a display filter? The syntax is different; there are Wiki pages for capture filters and display filters.
You may also run into issues with your shell and quoting. What is your OS and shell? Can you amend your question with an example of the command line you have tried?
The lines that I used are -f host xx.xx.xx.xx, -f src host xxxx, and -f dst host xxxxx, and they all give me a syntax error.
We already use that form, is there another variant?
We write it exactly like this: tshark -i 2 -f host 198.16.0.96 > test.pcap
You haven't stated the OS and shell. That affects quoting.
Try adding double quotes around the "host 198.16.0.96" as shown in my answer.
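
The quoting issue discussed in this thread, as an added example that is not part of the original posts: a POSIX shell script that builds the capture filter for one address and shows which word reaches -f with and without quotes. It assumes a POSIX sh/bash shell (the thread never states the OS); the helper names ip_filter and f_arg are hypothetical, and the interface number and address are the ones quoted above.

```shell
#!/bin/sh
# Added example: build a tshark capture filter for one IPv4 address and show
# why it must reach -f as a single, quoted argument.

# ip_filter DIRECTION ADDRESS -> prints a capture filter (pcap-filter syntax).
# DIRECTION: any (from or to the address), src (from it), dst (to it).
ip_filter() {
    case "$2" in
        # Character check only: refuse anything but digits and dots so that
        # no extra filter words can ride along with the address.
        *[!0-9.]*|"") echo "not an IPv4 address: $2" >&2; return 1 ;;
    esac
    case "$1" in
        any) printf 'host %s\n' "$2" ;;
        src) printf 'src host %s\n' "$2" ;;
        dst) printf 'dst host %s\n' "$2" ;;
        *)   echo "direction must be any, src or dst" >&2; return 1 ;;
    esac
}

# f_arg ARGS... -> prints the one word a program receives as the value of -f,
# that is, the argument immediately after it.
f_arg() {
    while [ "$#" -gt 1 ]; do
        if [ "$1" = "-f" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

ADDR=198.16.0.96                 # address taken from the thread
FILTER=$(ip_filter any "$ADDR")

# Unquoted: the shell splits the filter, so -f only receives "host".
f_arg -i 2 -f $FILTER            # prints: host
# Quoted: the whole expression arrives as one argument.
f_arg -i 2 -f "$FILTER"          # prints: host 198.16.0.96

# Resulting command line. -w writes the raw packets to the file; redirecting
# stdout with > would save tshark's text output instead of a capture file.
printf 'tshark -i 2 -f "%s" -w test.pcap\n' "$FILTER"
```
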