EDITCAP - Wireshark bundled CLI tool
Useful tool to chunk a large, unwieldy packet capture file. Comes bundled with Wireshark. The -c option sets the number of packets written to each output file.
"c:/program files (x86)/wireshark/editcap.exe" -c 20000 dropped_packets_capture.pcapng split.pcapng
Sunday, October 2, 2016
TSHARK - Wireshark bundled CLI tool
Useful command-line tool bundled with Wireshark. Less resource intensive than the GUI-based Wireshark, with many parameters for quick custom-made captures.
List local computer interfaces: tshark -D
Quick capture directed to screen (8 is the interface number from the -D list): tshark -i 8
Quick capture direct to a file: tshark -i 8 -w c:\users\richard\allpkts.pcapng
Monitor ping statistics (Service Response Times): tshark -i 8 -qz icmp,srt
Filter a packet capture file for a particular IP address and create a smaller packet capture file:
"c:/program files (x86)/wireshark/tshark.exe" -r dropped_packets_capture.pcapng -Y "ip.addr==192.168.72.177" -w filtered.pcapng
Full tshark command description here
https://www.wireshark.org/docs/man-pages/tshark.html
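The editcap split and the tshark filter above can be chained so that a large capture is filtered chunk by chunk and the matches are collected into one file. This PowerShell script is an added example, not part of the original post; the chunks working directory is an assumption, and mergecap (also bundled with Wireshark, but not mentioned in the post) is used for the final merge.

```powershell
# Added example. Install path, capture name and filter come from the post;
# the 'chunks' working directory and output names are assumptions.
$ws      = 'C:\Program Files (x86)\Wireshark'
$capture = 'dropped_packets_capture.pcapng'
$filter  = 'ip.addr==192.168.72.177'
$work    = Join-Path $PWD 'chunks'

# Start from an empty working directory so stale chunks are never merged.
if (Test-Path $work) { Remove-Item $work -Recurse -Force }
New-Item -ItemType Directory -Path $work | Out-Null

# 1. Split into 20000-packet chunks. editcap inserts a sequence number and a
#    timestamp into the name: split_00000_<timestamp>.pcapng, split_00001_...
& "$ws\editcap.exe" -c 20000 $capture (Join-Path $work 'split.pcapng')
if ($LASTEXITCODE -ne 0) { throw "editcap failed with exit code $LASTEXITCODE" }

# 2. Apply the display filter to each chunk and write a filtered copy.
$filtered = @()
foreach ($chunk in Get-ChildItem $work -Filter 'split_*.pcapng' | Sort-Object Name) {
    $out = Join-Path $work ('filtered_' + $chunk.Name)
    & "$ws\tshark.exe" -r $chunk.FullName -Y $filter -w $out
    if ($LASTEXITCODE -ne 0) { throw "tshark failed on $($chunk.Name)" }
    $filtered += $out
}
if ($filtered.Count -eq 0) { throw "editcap produced no chunks in $work" }

# 3. Merge the filtered chunks back into a single capture file.
& "$ws\mergecap.exe" -w filtered.pcapng $filtered
if ($LASTEXITCODE -ne 0) { throw "mergecap failed with exit code $LASTEXITCODE" }

# Report how much smaller the result is than the original capture.
$before = (Get-Item $capture).Length
$after  = (Get-Item filtered.pcapng).Length
"{0:N0} bytes -> {1:N0} bytes ({2} chunks filtered)" -f $before, $after, $filtered.Count
```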