Wireshark mailing list archives

Re: [!! SPAM] Re: Display results to window


From: Chip <jeffschips () gmail com>
Date: Tue, 01 Nov 2011 16:22:12 -0400

On 11/1/2011 4:13 PM, Guy Harris wrote:
> To quote the answer to the previous asking of these questions:
>
> On Nov 1, 2011, at 12:17 PM, Jeffrey Starin wrote:
>
>> Hello All,
>>
>> Question: when using dumpcap to write to a file, is there a switch for viewing the data on the monitor as it writes to file?
>
> What do you mean by "viewing the data"?  Dumpcap has no switch to dump out the raw contents of the bytes in the packet as hex or ASCII, and will *never ever* have a switch to view the packets as dissected - one of the reasons why dumpcap *exists* is *not* to have any capability to dissect packets, so that, if a program has to run with special privileges in order to capture network traffic, there's a limited amount of code running with those privileges, and thus a limited amount of code that has to be considered "safe".  Wireshark and TShark run dumpcap to capture traffic; running Wireshark or TShark with any special privileges would be foolish.  (Yes, this means "don't run Wireshark or TShark as root.")
>
> If you want to see dissected versions of the packets as they're captured, use TShark with the -S flag.
>
>> And alas, if I only want to capture the ip addresses of the two endpoints to the conversation along with timestamp, what would be the proper filter to use?
>
> What do you mean by "only want to capture the ip addresses of the two endpoints"?  If you mean you only want to capture traffic between two particular known-by-IP-address endpoints, you'd want a capture filter of
>
>         host {IP address 1} and {IP address 2}


Let me say it differently:

Do pcap filters work with dumpcap or not?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe
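Jeffrey's second question above (just the two endpoints' addresses plus a timestamp) is usually handled after the fact, in keeping with the design Guy describes: let dumpcap write the raw capture with no dissection, then read the file in an ordinary unprivileged process. The following is an added example, not code from this thread or from the Wireshark project; it parses a libpcap file containing Ethernet frames, and the sample file bytes, MAC addresses, IP addresses and timestamps are constructed inline.

```python
import struct
from datetime import datetime, timezone

# Accepted libpcap magic numbers -> (byte order, timestamp fraction units per second)
MAGICS = {0xa1b2c3d4: ('<', 1_000_000), 0xd4c3b2a1: ('>', 1_000_000),
          0xa1b23c4d: ('<', 1_000_000_000), 0x4d3cb2a1: ('>', 1_000_000_000)}

def ip_endpoints(pcap: bytes):
    """Return [(UTC timestamp, src IP, dst IP)] for every IPv4-over-Ethernet record."""
    magic, = struct.unpack_from('<I', pcap, 0)
    if magic not in MAGICS:
        raise ValueError('not a libpcap file')
    end, unit = MAGICS[magic]
    linktype, = struct.unpack_from(end + 'I', pcap, 20)
    if linktype != 1:  # DLT_EN10MB; dumpcap records the interface's link type here
        raise ValueError('only Ethernet captures are handled in this example')
    off, rows = 24, []
    while off + 16 <= len(pcap):
        sec, frac, incl_len, _orig_len = struct.unpack_from(end + 'IIII', pcap, off)
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        # Skip anything without a full IPv4 header behind the Ethernet header (ARP, IPv6, runts)
        if len(frame) < 34 or frame[12:14] != b'\x08\x00' or frame[14] >> 4 != 4:
            continue
        usec = frac // (unit // 1_000_000)
        when = datetime.fromtimestamp(sec, timezone.utc).strftime('%Y-%m-%d %H:%M:%S')
        src = '.'.join(map(str, frame[26:30]))
        dst = '.'.join(map(str, frame[30:34]))
        rows.append((f'{when}.{usec:06d}', src, dst))
    return rows

def build_sample_pcap() -> bytes:
    """Constructed stand-in for a file written by `dumpcap -w out.pcap`: two IPv4
    packets of one conversation plus an ARP frame that the listing must skip."""
    def ipv4(src, dst):
        hdr = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20, 0, 0, 64, 6, 0,
                          bytes(map(int, src.split('.'))), bytes(map(int, dst.split('.'))))
        return b'\xaa' * 6 + b'\xbb' * 6 + b'\x08\x00' + hdr
    arp = b'\xff' * 6 + b'\xbb' * 6 + b'\x08\x06' + b'\x00' * 28
    out = struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in [(1320178932, 0, ipv4('192.0.2.10', '198.51.100.7')),
                             (1320178932, 250, arp),
                             (1320178932, 1500, ipv4('198.51.100.7', '192.0.2.10'))]:
        out += struct.pack('<IIII', sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == '__main__':
    for when, src, dst in ip_endpoints(build_sample_pcap()):
        print(when, src, '->', dst)
```

Point it at a real file with `ip_endpoints(open('out.pcap', 'rb').read())`; the capture filter Guy quotes (`host {IP address 1} and {IP address 2}`) limits what dumpcap records, and this reader limits what you look at.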

