
I'm trying to use tshark to maintain a running history of all the packets that are going through an interface, for say 30 seconds. I want it to be human readable.

This is a Linux machine, and without mucking too much into the netstack source (which I can do if push comes to shove), I was wondering if I can use tshark to do this.

tshark has a -b duration:10 -b files:2 which I can use to generate a rotating set of 2 files, but I don't know which format it is printing the file in or how to read it.

Sridhar Iyer

1 Answer

It is saving to the pcap format, read it with tshark, wireshark, tcpdump, etc. To read a file with tshark do a tshark -r filename.

Zoredache
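The ring-buffer capture from the question combined with the `tshark -r` read-back from the answer, as an added example that is not part of either post. The interface `eth0`, the directory `/var/tmp/ring`, the prefix `hist` and the function names are assumptions; three 10-second files are used so that about 30 seconds stay on disk.

```shell
#!/usr/bin/env bash
# Added example (not from the original posts): keep a short rolling packet
# history with tshark's ring buffer and print it as readable text.
# Assumed names: RING_DIR, PREFIX (must not contain "_"), interface eth0.
RING_DIR="${RING_DIR:-/var/tmp/ring}"
PREFIX="${PREFIX:-hist}"

# Start capturing: files rotate every 10 s and only the newest 3 are kept.
# Capturing normally needs root or capture privileges on the interface.
start_ring() {
    mkdir -p "$RING_DIR"
    tshark -i "${1:-eth0}" -q -b duration:10 -b files:3 -w "$RING_DIR/$PREFIX.pcap"
}

# List ring files oldest first. tshark names them
# <prefix>_<sequence>_<timestamp>.pcap, so sort numerically on the sequence.
ring_files() {
    find "$RING_DIR" -maxdepth 1 -type f -name "${PREFIX}_*.pcap" -printf '%f\n' \
        | sort -t_ -k2,2n \
        | while IFS= read -r f; do printf '%s\n' "$RING_DIR/$f"; done
}

# Print one summary line per packet, with absolute date and time (-t ad).
# The newest file is still being written, so its last record may be incomplete;
# tshark's complaint about that is discarded.
dump_ring() {
    ring_files | while IFS= read -r f; do
        echo "== $f"
        tshark -r "$f" -t ad 2>/dev/null
    done
}

# Usage: script.sh start [interface]   (in one terminal)
#        script.sh dump                (in another, whenever history is needed)
case "${1:-}" in
    start) start_ring "${2:-eth0}" ;;
    dump)  dump_ring ;;
esac
```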