Re: Display dumpcap in real time

[Martin Visser <martinvisser99 () gmail com>]

If you want display, use tshark. Something like this should be want you
want:-


marty@monga:~$ tshark -i eth1 -T fields -e frame.time -e ip.src -e ip.dst
Capturing on eth1
Nov  2, 2011 07:06:15.369463000 192.168.98.240 74.125.237.22
Nov  2, 2011 07:06:15.369598000 192.168.98.240 74.125.237.22
Nov  2, 2011 07:06:15.369707000 192.168.98.240 74.125.237.22
Nov  2, 2011 07:06:15.427435000 74.125.237.22 192.168.98.240
Nov  2, 2011 07:06:15.436255000 74.125.237.22 192.168.98.240


Regards, Martin

MartinVisser99 () gmail com


On 2 November 2011 06:22, Chip <jeffschips () gmail com> wrote:

> Hello All,
>
> Question: when using dumpcap to write to a file, is there a switch for
> viewing the data on the monitor as it writes to file?
>
> And alas, if I only want to capture the ip addresses of the two endpoints
> to the conversation along with timestamp, what would be the proper filter
> to use?
>
> The man pages do not -- at least I cannot find -- a method to display to
> the monitor the results as they happen.
>
> Thank you.
> ______________________________**______________________________**
> _______________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org**
> >
> Archives:    http://www.wireshark.org/**lists/wireshark-users<http://www.wireshark.org/lists/wireshark-users>
> Unsubscribe: 
> https://wireshark.org/mailman/**options/wireshark-users<https://wireshark.org/mailman/options/wireshark-users>
>            mailto:wireshark-users-**request () wireshark org<wireshark-users-request () wireshark org>
> ?subject=**unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe