Wireshark-users: [Wireshark-users] tshark not saving file in pdml format ...
the version of tshark I have is:
~
$ tshark -v
TShark 1.8.2
Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GLib 2.32.4, with libpcap, with libz 1.2.7, with POSIX
capabilities (Linux), with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without
Python, with GnuTLS 2.12.20, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP.
Running on Linux 3.3.7, with locale en_US.UTF-8.UTF-8, with libpcap version
1.2.1, with libz 1.2.7.
Built using gcc 4.7.1.
~
but even though it does seem to honor the 10 seconds capture time and
all other flags, it does not save file as pdml
~
$ date; sudo tshark -i eth0 -a duration:10 -b filesize:1024 -b
files:10 -T pdml -w
/media/sdb1/prjx/kd/java/net/hc/root_test/test00.pdml; date
Thu Oct 18 22:01:12 UTC 2012
tshark: Lua: Error during loading:
[string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
18
Thu Oct 18 22:01:22 UTC 2012
~
how can I fix that?
~
Also, how could you tell tshark to just stop the capture after the
already started sessions are all finished?
~
lbrtchx