How to use the Wireshark utility tshark to gather packet information from the command line (4041544)

Converse agora com nosso suporte

Voltar

Feedback enviado

Este artigo resolveu um problema para você?

Selecione a classificação

Título

How to use the Wireshark utility tshark to gather packet information from the command line
Descrição

Tshark is a utility that comes with Wireshark. It will let you capture network packets without using the GUI.
Causa

Network troublshooting
Resolução

1. Open a command window as administrator and go to the folder where Wireshark is installed.
2. Run the following command after replacing the IP address to the IP address of the other server you are monitoring packets to and from.
tshark -f "host 192.168.1.1" -b filesize:10000 -b files:5 -n -w "C:\tsfile.pcap"
-f filters the capture to only get packets to and from the specified IP address.
-b sets the size of each file it stores the packet capture in to 10MB and 5 files. When it fills up 5 files, it will delete the oldest so it should only use about 50MB of space on disk and keep the most recent information.
-n disables name resolution, so only IP addresses and port numbers will be shown in the capture.
-w specifies the location and base file name it will write the packet capture to. Be sure the location exists.

Feedback enviado

Este artigo resolveu um problema para você?

Selecione a classificação

Conteúdo recomendado

Título