Thanks for your reply.
Mike Savory <msavory@xxxxxxxxx> wrote:
Hi Norman
Read

    man tshark

and

    man tcpdump

-a
    Specify a criterion that specifies when TShark is to stop writing
    to a capture file. The criterion is of the form test:value, where
    test is one of:

    duration:value  Stop writing to a capture file after value seconds
                    have elapsed.

-w <outfile> | -
    Write raw packet data to outfile or to the standard output if
    outfile is '-'.

    NOTE: -w provides raw packet data, not text. If you want text
    output you need to redirect stdout (e.g. using '>'), don't use the
    -w option for this.

host host
    True if either the IPv4/v6 source or destination of the packet is
    host.

So try

    tshark -a duration:5 -w packet.pcap host 192.168.1.5

Regards
Mike

On Nov 14, 2006, at 1:51 AM, norman wrote:
> Hello,
> I have set up wireshark on my local network and wanted to examine
> all the traffic that was going out from the gateway or a specific
> IP (not the local machine) for a short period of time and output
> this in a file.
>
> How do you use it from the command line to get this?
>
> When I run
>
> #tshark -w capture.txt
>
> works, but how do I pass the time to run for, and specify the
> actual IP to look at, or even protocol?
>
> Many thanks
>
> Norman
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
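
Added example (not part of the original thread or of the Wireshark documentation): a small shell helper that builds the command suggested above and also covers the protocol part of the question. The function names and the protocol allowlist are assumptions made for this example; -f is tshark's capture-filter option and is equivalent to putting the filter at the end of the command line.

```sh
#!/bin/sh
# Added example: build a time-limited tshark capture command for one host,
# optionally narrowed to a protocol. Function names are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to leave unquoted: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# capture_cmd DURATION HOST [PROTO]: print the tshark command line, or return
# status 2 for input that should never reach a capture filter.
capture_cmd() {
    duration=$1 host=$2 proto=${3:-}
    case "$duration" in
        ''|*[!0-9]*|0*) echo "duration must be a positive integer" >&2; return 2 ;;
    esac
    is_ipv4 "$host" || { echo "host must be an IPv4 address" >&2; return 2; }
    filter="host $host"
    case "$proto" in
        '') ;;
        tcp|udp|icmp|arp) filter="$proto and $filter" ;;   # assumed allowlist
        *) echo "unsupported protocol: $proto" >&2; return 2 ;;
    esac
    # -w writes raw packets, so the output file is a .pcap, not a .txt.
    printf "tshark -a duration:%s -w packet.pcap -f '%s'\n" "$duration" "$filter"
}

# Constructed sample values: 5 seconds of TCP traffic to or from 192.168.1.5.
capture_cmd 5 192.168.1.5 tcp
# For text output, read the capture back and redirect stdout:
#   tshark -r packet.pcap > packet.txt
```

The helper only prints the command so it can be reviewed before it is run with capture privileges.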