[Wireshark-users] tshark help
Hi,

I know nothing about wireshark but I was advised to use it to check my webserver network traffic for a possible fault... the server is not local (it runs centos4) and I (having read a bit) found tshark and thought that that would probably be the way to go (although I could be wrong)...

I did manage to get tshark to output files but I then couldn't read them (although I was aiming for a text file output it didn't seem to be text). I was using variations of the following:

    tshark -a duration:15 -T ps -w tsharkOP.txt

My question is how can I output a file that I can then read / inspect? Or should I be approaching this differently?

Any help / guidance / advice much appreciated.

Thanks
Andy
___
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] tshark help
Hi,

You may be on the right track, unable to see why not from the limited description of your requirements. Still the output you desire is available if you take notice of the comment on the -w option, found in the tshark man page:

    -w outfile|-
        Write raw packet data to outfile or to the standard output if outfile is '-'.

        NOTE: -w provides raw packet data, not text. If you want text output you need to redirect stdout (e.g. using '>'), don't use the -w option for this.

Thanx,
Jaap

On Mon, 13 Nov 2006, Andrew Watson wrote:

> Hi,
>
> I know nothing about wireshark but I was advised to use it to check my webserver network traffic for a possible fault... the server is not local (it runs centos4) and I (having read a bit) found tshark and thought that that would probably be the way to go (although I could be wrong)...
>
> I did manage to get tshark to output files but I then couldn't read them (although I was aiming for a text file output it didn't seem to be text). I was using variations of the following:
>
>     tshark -a duration:15 -T ps -w tsharkOP.txt
>
> My question is how can I output a file that I can then read / inspect? Or should I be approaching this differently?
>
> Any help / guidance / advice much appreciated.
>
> Thanks
> Andy
Re: [Wireshark-users] tshark help
Andrew Watson wrote:

> My question is how can I output a file that I can then read / inspect?

As Jaap Keuter noted, the output of the -w flag isn't a text file, it's a binary file containing raw packet data.

Either

1) don't use the -w, just redirect the output, which will produce a text file - in UN*X text file format, *not* Windows text file format, in versions running on a UN*X (which CentOS is, being a Linux distribution), so if you're planning on reading it on a Windows system (as the .txt suggests you might be), you'll need a text editor that can handle files with LFs but no CRs at the ends of lines

or

2) use -w, and read the file with TShark or Wireshark (or any other program that can read libpcap-format files) rather than with a text editor.
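
The distinction the replies draw between a `-w` capture file and redirected text output can be checked from the file's first four bytes. The following is an added example, not part of the original thread: the function names are hypothetical, the sample files are constructed, and it also recognises pcapng, which goes beyond the libpcap format mentioned in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: tell a -w capture file from text output.

# First four bytes of a file as lowercase hex, e.g. "d4c3b2a1".
magic_of() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# Classify by magic number: "pcap", "pcapng", or "other".
capture_kind() {
    case "$(magic_of "$1")" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;    # libpcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) echo pcap ;;    # libpcap, nanosecond timestamps
        0a0d0d0a)          echo pcapng ;;  # pcapng section header block
        *)                 echo other ;;   # not a capture file
    esac
}

# Suggest how to inspect the file, following the two options in the replies.
how_to_read() {
    case "$(capture_kind "$1")" in
        pcap|pcapng) echo "tshark -r '$1' > '$1.decoded.txt'" ;;  # decode, then redirect
        *)           echo "less '$1'" ;;                          # already readable
    esac
}

# Constructed sample files (not real captures): only the leading bytes matter.
demo() {
    dir=$(mktemp -d) || return 1
    # Same name as in the question, but starting with the libpcap magic number.
    printf '\324\303\262\241' > "$dir/tsharkOP.txt"
    # A constructed line of the kind tshark prints to stdout without -w.
    printf '  1   0.000000 10.0.0.5 -> 10.0.0.9 TCP 80 > 40112 [SYN, ACK]\n' \
        > "$dir/redirected.txt"
    for f in "$dir/tsharkOP.txt" "$dir/redirected.txt"; do
        printf '%s: %s\n' "${f##*/}" "$(capture_kind "$f")"
    done
    rm -rf "$dir"
}
demo
```

The `.txt` extension plays no part in the result; only the leading bytes decide whether the file needs `tshark -r` or a text viewer.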