Wireshark-users: Re: [Wireshark-users] Wireshark GUI in tshark
Date: Wed, 24 Sep 2008 21:58:23 +0200
On Tue, 23 Sep 2008 17:30:59 +0000 (GMT) NADEZHDA PLOTNIKOVA wrote:

> I would like to use tshark for my data capturing but so far used Wireshark GUI only.
> So I need some advice on how to do the following (to start with, then I'll get the idea).
> Basically I need the script for the following:
> WireShark->Capture->Options
>    Capture---
>    Interface ? ethXX
>    Link layer ? Ethernet
>    Capture files----
>    the directory and file name to put data in
> Stop capture----> 	 After 20 sec 
> Next is to press start; 

Use tshark -D to print a list of interfaces:
$ tshark -D
1. \Device\NPF_GenericDialupAdapter (Adapter for generic dialup and VPN capture)
2. \Device\NPF_{059B8888-3D72-4D13-8BC4-7686E3569DDB} (Broadcom NetXtreme Gigabit Ethernet Driver (Microsoft's Packet Scheduler) )
3. \Device\NPF_{96F446AD-9709-45DA-95C6-1B92778311A5} (VMware Virtual Ethernet Adapter)
4. \Device\NPF_{CAA815AD-EB16-4186-8C1B-A04E324963AD} (VMware Virtual Ethernet Adapter)

$ tshark -i 2 -a duration:20 -w file.cap
-i 2 = select interface
-a duration:20 = stop after 20 seconds
-w file.cap = set the output filename


> Then my workload finished and I need to press stop button on main panel on WireShark
> After that I need to convert file (or, if tshark supports text output - that'd be fine!):
> WS->File->Export
>    Browse and define NEW file name a-la oldFile.txt
>    Packet range---
>    All packets
>    Packet format----
>    Summary line ON
>    Packet details ON
>    As displayed or expanded
>    Packet bytes ON

$ tshark -r file.cap > file.txt
$ tshark -r file.cap -T text > file.txt
Output: summary lines

$ tshark -r file.cap -T text -V > file.txt
Output: packet details

$ tshark -r file.cap -T text -x > file.txt
Output: summary lines and packet bytes

$ tshark -r file.cap -T text -Vx > file.txt
Output: packet details and packet bytes

It's a bit strange. There are various ways to print the summary lines. 
You can use the options -V and -x to add output of the packet details and
bytes.
In case of *-T text -x* the summary lines are printed.
In case of *-T text -Vx* the summary lines are not printed.

BTW I'm on version TShark 1.0.3 (SVN Rev 26134)

HTH
Joan
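
The two steps from the reply above (timed capture, then text export) combined into one POSIX shell script, as an added example that is not part of the original message. The function names, the `RUN` dry-run variable and the `run` argument are assumptions made for illustration; only the tshark options shown in the message are used.

```shell
#!/bin/sh
# Added example, not from the original message. Uses only the tshark options
# shown in the reply: -D, -i, -a duration:N, -w, -r, -T text, -V, -x.

# Read `tshark -D` style lines on stdin; print the number of the first
# interface whose line matches pattern $1 (case-insensitive).
iface_index() {
    grep -i -- "$1" | sed -n 's/^\([0-9][0-9]*\)\. .*/\1/p' | head -n 1
}

# Map the GUI export checkboxes to flags: details -> -V, bytes -> -x.
# "summary" adds nothing: summary lines are what plain -T text prints.
export_flags() {
    flags=""
    for part in "$@"; do
        case "$part" in
            summary) ;;
            details) flags="${flags}V" ;;
            bytes)   flags="${flags}x" ;;
            *) echo "unknown export part: $part" >&2; return 1 ;;
        esac
    done
    if [ -n "$flags" ]; then printf '%s\n' "-$flags"; fi
}

# capture_and_export IFACE SECONDS CAPFILE TXTFILE [summary|details|bytes]...
# Set RUN=echo (hypothetical dry-run switch) to print the commands instead.
capture_and_export() {
    iface=$1; secs=$2; cap=$3; txt=$4; shift 4
    flags=$(export_flags "$@") || return 1
    ${RUN:-} tshark -i "$iface" -a "duration:$secs" -w "$cap" || return 1
    # $flags is left unquoted on purpose: empty means summary lines only.
    ${RUN:-} tshark -r "$cap" -T text $flags > "$txt"
}

# Usage: sh capture.sh run PATTERN SECONDS BASENAME
if [ "${1:-}" = "run" ]; then
    umask 077   # capture files can hold sensitive traffic; keep them private
    n=$(tshark -D | iface_index "$2")
    [ -n "$n" ] || { echo "no interface matches: $2" >&2; exit 1; }
    capture_and_export "$n" "$3" "$4.cap" "$4.txt" details bytes
fi
```

For example, `sh capture.sh run broadcom 20 file` captures for 20 seconds on the first interface whose `tshark -D` line mentions "broadcom" and writes `file.cap` and `file.txt`.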