[Wireshark-bugs] [Bug 14491] New: Dumpcap doesn't support a -Q flag

Wed, 07 Mar 2018 03:19:59 -0800 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14491

            Bug ID: 14491
           Summary: Dumpcap doesn't support a -Q flag
           Product: Wireshark
           Version: 2.4.2
          Hardware: x86
                OS: Windows 7
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: TShark
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: avi_...@rad.com
  Target Milestone: ---

Build Information:
C:\Program Files (x86)\Wireshark>"C:\Program Files (x86)\Wireshark\dumpcap.exe"
-h
Dumpcap (Wireshark) 2.4.2 (v2.4.2-0-gb6c63ae086)
Capture network packets and dump them into a pcapng or pcap file.
See https://www.wireshark.org for more information.

Usage: dumpcap [options] ...


C:\Program Files (x86)\Wireshark>"C:\Program Files (x86)\Wireshark\tshark.exe"
-h
TShark (Wireshark) 2.4.2 (v2.4.2-0-gb6c63ae086)
Dump and analyze network traffic.
See https://www.wireshark.org for more information.

Usage: tshark [options] ...

--
Dear reader,

grahamb answered: 
Dumpcap doesn't support a -Q flag, hence the error. Adding support to dumpcap
for that would require an Enhancement request on the Wireshark Bugzilla.

My question was:
I used the following line for getting the results in text file and it works
fine. i.e. No notification messages in the error channel.

"C:\Program Files (x86)\Wireshark\tshark.exe" -Q -P -i 4 -Y
"ip.dst==172.17.231.50&&icmp" -V -S 5%%%5 > C:\temp\output.txt

When trying to get the results in a pcap file, I received notification messages
in the error channel.

"C:\\Program Files (x86)\\Wireshark\\dumpcap.exe" -i 4 -w - | "C:\\Program
Files (x86)\\Wireshark\\tshark.exe" -Q -P -r - -Y "ip.dst==172.17.231.50&&icmp"
-w "C:\\temp\\output.pcap"

Trying to add –P –Q to the first part yielded an error message saying:
“C:\Program Files (x86)\Wireshark\dumpcap.exe: invalid option -- 'Q'”

"C:\Program Files (x86)\Wireshark\dumpcap.exe" -Q -P -i 4 -w - | "C:\Program
Files (x86)\Wireshark\tshark.exe" -Q -P -r - -Y "ip.dst==172.17.231.50&&icmp"
-w "C:\temp\output.pcap" C:\Program Files (x86)\Wireshark\dumpcap.exe: invalid
option -- 'Q'

Is there a proper way of getting the captured packets into a pcap file without
any notification messages in the error channel?

(The double backslash is because I’m activating the command with python)

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to