How to define a flow in Tshark?

Question

I want to use Tshark as a subprocess and I need to define a flow to display its packets, but I don't know the cmd to define a flow in tshark, just I know it in wireshark:

ip.src == ipAddr and ip.dst == ipAddrDst and udp.srcport == 33191 and udp.dstport == 2003 ;

So can you help me to find the equivalent cmd in tshark?

score 0 · Answer 1 · answered Aug 20 '17 at 09:06

0

You need to use tcpdump's syntax:

tshark "ip and udp and src host ipAddr and dst host ipAddrDst \
        and src port 33191 and dst port 2003"

answered Aug 20 '17 at 09:06

pchaigno

11,313
2
29
54

How to define a flow in Tshark?

1 Answers1