Named Pipe file on Windows 7 - windows

At the moment I'm successfully running the following tshark command on Windows 10 and Windows server 2012:
tshark -l -n -r "\\.\pipe\tsharkpipe2"
but when I run it on Windows 7 and Windows server 2012, tshark gives me a "File does not exist" error. However, I can use the pipe with -i like:
tshark -i "\\.\pipe\tsharkpipe2"
but I need to run a -Y filter and -T pdml, which it seems cannot be done using -i.
I'm using tshark 2.0.5 and the C# example from the Wireshark wiki, and both tshark and my client are running as Administrator.
Am I missing something here?

Related

Windows 10 Command Prompt - How to unzip, sed & cat in windows cmd?

What's the best way and how to run the below commands in windows cmd? I'm running them in Ubuntu ... but how to do so in Windows?
Ubuntu terminal:
sudo unzip '/var/www/html/*20180301.zip' -d '/var/www/html/';
sudo sed -i '1,2d;$d' /var/www/html/*20180301.TXT;
sudo cat /var/www/html/*20180301.TXT > /var/www/html/records_all20180301.txt;
Windows cmd:
?
Sorry for my bad answer :(
You can use the following commands to read text files
type text.txt
more text.txt
To write to a text file, use
echo text > text.txt
I don't know about the second command.
Windows doesn't come with a command-line file zipping tool so you have to use other methods.
How to zip a file using cmd line?

Tcpdump with -w writing gibberish to file

When trying to capture tcpdump output to a file, I get the following:
If I run tcpdump without the -w the output displays fine in the shell.
Here is the input:
tcpdump -i eth0 -Z root -w `date '+%m-%d-%y.%T.pcap'`
tcpdump -w writes the raw file, which is not meant for reading directly. You can read the file back with the tcpdump -r option as suggested in the man page:
-r Read packets from file (which was created with the -w option). Standard input is used if file is "-".
-w Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is "-". See pcap-savefile(5) for a description of the file format.
Another option would be to redirect the output without using the -w option:
tcpdump -i eth0 -Z root > `date '+%m-%d-%y.%T.pcap'`
But if I remember correctly you don’t get exactly what would be written with the -w option.
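The raw format that -w produces is the one described in pcap-savefile(5): a 24-byte global header followed by length-prefixed packet records. The parser below is an added example, not part of the original answer; the function names are its own and the sample capture is constructed in build_sample().

```python
import struct

# Magic numbers from pcap-savefile(5): microsecond and nanosecond timestamp variants.
MAGICS = {0xA1B2C3D4: "microsecond", 0xA1B23C4D: "nanosecond"}

def parse_pcap(data: bytes):
    """Return (header_dict, [(ts_sec, ts_frac, orig_len, packet_bytes), ...])."""
    if len(data) < 24:
        raise ValueError("truncated: pcap global header is 24 bytes")
    # The magic is written in the capturing host's byte order; try both.
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in MAGICS:
            break
    else:
        raise ValueError("not a pcap savefile (bad magic)")
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    header = {"byte_order": "little" if endian == "<" else "big",
              "timestamps": MAGICS[magic], "version": (major, minor),
              "snaplen": snaplen, "linktype": linktype}
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16
        # incl_len comes from the file itself: bound it before slicing.
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("bad captured length %d at offset %d" % (incl_len, off - 16))
        packets.append((ts_sec, ts_frac, orig_len, data[off:off + incl_len]))
        off += incl_len
    return header, packets

def build_sample() -> bytes:
    """Constructed sample: one 60-byte dummy Ethernet frame, little-endian."""
    frame = b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x00" + b"\x00" * 46
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    rec = struct.pack("<IIII", 1500000000, 250000, len(frame), len(frame))
    return hdr + rec + frame

if __name__ == "__main__":
    header, packets = parse_pcap(build_sample())
    print(header)
    for ts_sec, ts_frac, orig_len, pkt in packets:
        print(ts_sec, ts_frac, orig_len, pkt[:14].hex())
```

The bytes that look like gibberish in a terminal are these binary headers and the packet payloads, which is why the file has to be read back with -r.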

tshark 1.8.2: invalid option -- 'Y'

I am running the following command with tshark 1.8.2
tshark -nr 2calls.pcap -Y "ip.src eq 207.239.33.54 || ip.dst eq 207.239.33.54 " -w final.cap
But always encounter this type of error.
tshark: invalid option -- 'Y'
Running tshark -h does not show a display filter option.
I tried installing tshark 1.12 on my Debian (Linux debian 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1 x86_64 GNU/Linux) but no luck, a lot of dependencies are involved there.
How can I run the above command or install tshark 1.12 on my Debian server?
Any help would be much appreciated.
Thanks

Get media file length in Mac Terminal

Is there a way to get any media file (.avi, .mp4, .mp3, etc.) length using Mac's Terminal?
If there is a need to install a package or a library, can you please specify which, and how to install them?
Mac built in:
mdls *.mp4
Tested in MacOSX 10.6.8
You can use ffmpeg or ffprobe to get the duration. You can install ffmpeg easily using Homebrew:
brew install ffmpeg
And then you can get the duration using this command:
ffmpeg -i input 2>&1 | grep "Duration"| cut -d ' ' -f 4 | sed s/,//
See the answers here for more details: How to get length of video file from console?

Is it possible to run two programs simultaneously or one after another using a bash or expect script?

I have basically two lines of code which are:
tcpdump -i eth0 -s 65535 -w - >/tmp/Captures
tshark -i /tmp/Captures -T pdml >results.xml
If I run them both in separate terminals, it works fine.
However I've been trying to create a simple bash script that will execute them at the same time, but have had no luck. Bash script is as follows:
#! /bin/bash
tcpdump -i eth0 -s 65535 -w - >/tmp/Captures &
tshark -i /tmp/Captures -T pdml >results.xml &
If anyone could possibly help in getting this to work or getting it to "run tcpdump until a key is pressed, then run tshark. then when a key is pressed again close."
I have only a little bash scripting experience.
Do you need to run tcpdump and tshark separately? Using a pipe command will feed the output of tcpdump to the input of tshark.
tcpdump -i eth0 -s 65535 -w - | tshark -i - -T pdml > results.xml
