tshark - Command Based Version of Wireshark
On UNIX based systems, if you do not have Xmanager or any other X11 facility, you can use the command-prompt based tool, tshark to capture trace on a network interface.
To install tshark, go to http://www.wireshark.org/download.html and see if there aer pre-compled binaries available for your OS. If there is none, you need to compile the source code yourself.
1. Run the following command (as root or sudo root) to list the network interfaces:
-w /tmp/eth0_tshark_trace.pcap specifies the file name where the trace is written.
-i eth0 specifies that the trace is being written for the network interface eth0.
If you want to see the trace on the scree, use the following command:
To install tshark, go to http://www.wireshark.org/download.html and see if there aer pre-compled binaries available for your OS. If there is none, you need to compile the source code yourself.
1. Run the following command (as root or sudo root) to list the network interfaces:
tshark -D2. Let us say you want to trace eth0, run the follwoing command:
tshark -F libpcap -w /tmp/eth0_tshark_trace.pcap -i eth0-F libpcap specifies the file format of the trace. SAP support usually requests for libpcap.
-w /tmp/eth0_tshark_trace.pcap specifies the file name where the trace is written.
-i eth0 specifies that the trace is being written for the network interface eth0.
If you want to see the trace on the scree, use the following command:
tshark -i eth03. Once you have recreated the problem close tshark with ctrl+c
Comments
Post a Comment