


I'm trying to write a filter for TShark, the command-line based Wireshark.

I want to add those options to the command:

-i 2 (interface with index n°2)
-a duration:60 (the "scan" should last 60 seconds)

And a filter that only captures packets with these particularities:

"ip" (only IP packets)
"port = 80 or port = 443" (port should be http or https)
" = 'GET'" (it should be a GET request)

And then I want the results to be saved in a file "test.txt".

So the final command should be this:

tshark -i 2 -a duration:60 -vx -f "ip" & "ip.src = 192.168.0.1" & "ip.dst = 111.222.111.222" & "port = 80 or port = 443" & " = 'GET'" > test.txt

But I keep getting an error message from Windows saying that '"ip.src = 192.168.0.1" isn't a recognized internal or external command.

The problem probably comes from the way I "chain" the conditions. etc, but can't figure a way to get this to work.

Also wanted to ask if there was some kind of "stop execution" command that would stop the current capturing but still save the results in a.

Question: in Wireshark: What would be the two display filters you would use if you wanted to only display packets with port 443 And how would the filter change.
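One way to run the capture described in the question from cmd.exe, as an added example that is not part of the original post: cmd treats an unquoted & as a command separator, so each "..." after the first was run as its own command, which is what the error message reports. The file name capture.pcapng and the split into a capture stage and a read-back stage are assumptions made for the example.

```batch
@echo off
rem Added example, not from the original post.
rem capture.pcapng is an assumed file name; interface index, duration,
rem addresses and ports are the ones given in the question.
setlocal
set IFACE=2
set DURATION=60
set PCAP=capture.pcapng
set OUT=test.txt

rem Stage 1: capture to a file.
rem -f takes ONE quoted capture filter in libpcap (BPF) syntax.
rem Conditions are joined with and/or INSIDE the quotes, not with the cmd "&".
rem BPF has no ip.src/ip.dst fields; it uses "src host" and "dst host".
tshark -i %IFACE% -a duration:%DURATION% -w %PCAP% ^
  -f "ip and src host 192.168.0.1 and dst host 111.222.111.222 and (port 80 or port 443)"
if errorlevel 1 exit /b 1

rem Stage 2: read the saved capture and apply a display filter.
rem -Y takes Wireshark display-filter syntax, where == compares values and
rem protocol fields such as http.request.method are available.
rem -V prints full packet details and -x adds the hex dump.
rem Traffic on port 443 is TLS, so the HTTP method is only visible there
rem if tshark has been given the keys to decrypt it.
tshark -r %PCAP% -V -x -Y "http.request.method == \"GET\"" > %OUT%

endlocal
```

Because stage 1 writes to a capture file with -w instead of only printing to the console, the packets can be re-filtered later with a different -Y expression without capturing again.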
