Hi Norman
Read
man tshark
and
man tcpdump

-a <capture autostop condition>
    Specify a criterion that specifies when TShark is to stop writing to a capture file. The criterion is of the form test:value, where test is one of:

    duration:value  Stop writing to a capture file after value seconds have elapsed.

-w <outfile>|-
    Write raw packet data to outfile or to the standard output if outfile is '-'.

    NOTE: -w provides raw packet data, not text. If you want text output you need to redirect stdout (e.g. using '>'), don't use the -w option for this.

host host
    True if either the IPv4/v6 source or destination of the packet is host.

So try
tshark -a duration:5 -w packet.pcap host 192.168.1.5
Regards
Mike
On Nov 14, 2006, at 1:51 AM, norman wrote:
Hello,
I have set up wireshark on my local network and wanted to examine all the traffic that was going out from the gateway or a specific IP (not the local machine) for a short period of time and output this in a file.
How do you use it from the command line to get this?
When I run
#tshark -w capture.txt
works, but how do I pass the time to run for, and specify the actual IP to look at, or even protocol?
Many thanks
Norman
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
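
An added example, not part of the original thread: a Python sketch of what a file written with -w contains and how the "host" primitive quoted above decides a match (source or destination equals the host). It assumes the classic little-endian pcap format with Ethernet framing (current tshark writes pcapng unless -F pcap is given); the sample capture and the names build_pcap and matches_host are constructed for illustration.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap format, microsecond timestamps

def build_pcap(flows):
    """Build a constructed pcap (Ethernet link type), one bare IPv4 header per flow."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, (src, dst) in enumerate(flows):
        eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = eth + ip
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def matches_host(data, host):
    """Return (src, dst) for each IPv4 packet whose source or destination is host."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        # e.g. text output redirected with '>' or a pcapng file
        raise ValueError("not a little-endian classic pcap file")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    hits, off = [], 24  # the global header is 24 bytes
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4 (VLAN tags not handled)
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        if host in (src, dst):  # same rule as the "host" primitive
            hits.append((src, dst))
    return hits

# Constructed sample: two packets involve 192.168.1.5, one does not.
SAMPLE = build_pcap([("192.168.1.5", "10.0.0.1"),
                     ("192.168.1.9", "10.0.0.1"),
                     ("10.0.0.1", "192.168.1.5")])

if __name__ == "__main__":
    for src, dst in matches_host(SAMPLE, "192.168.1.5"):
        print(src, "->", dst)
```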