How to hide data displayed on the terminal while executing tshark? - wireshark

I need to hide the data that is displayed while executing the tshark command line for Wireshark:
tshark -i tun0 -T ek -w /home/PCAP_Folder/Sim_Run1st.pcap
I am running two programs simultaneously.

The following will send the output to /dev/null:
tshark -i tun0 -T ek -w /home/PCAP_Folder/Sim_Run1st.pcap > /dev/null
If you also want to hide any error message:
tshark -i tun0 -T ek -w /home/PCAP_Folder/Sim_Run1st.pcap &> /dev/null
Note that if you also hide the error messages, the -T ek option becomes pointless.

Related

Filter a PCAP file using tshark : show ip source>ip destination:info in a txt file

I need a tshark command so I can create a txt file containing Ipsource>Ipdestination:Info, in this order! I tried this command
tshark -T fields -n -r "C:\Users\dell\Desktop\tracecomplete.pcap" -E separator=, -e ip.src -e ip.dst > "C:\Users\dell\Desktop\walima22.txt"
but I can't change the separator and show the Info.
There are generally 2 solutions for printing specific column data, one using column-specifiers and the other using fields, similar to what you have.
Using column-specifiers:
Standard specifiers as described by tshark.exe -G column-formats:
tshark.exe -n -r "C:\Users\dell\Desktop\tracecomplete.pcap" -o "gui.column.format:\"Source\",\"%s\",\"Destination\",\"%d\",\"Info\",\"%i\""
... or using custom columns for those fields that are supported:
tshark.exe -n -r "C:\Users\dell\Desktop\tracecomplete.pcap" -o "gui.column.format:\"Source\",\"%Cus:ip.src\",\"Destination\",\"%Cus:ip.dst\",\"Info\",\"%i\""
Using Fields:
tshark.exe -n -r "C:\Users\dell\Desktop\tracecomplete.pcap" -T fields -E separator=, -e ip.src -e ip.dst -e _ws.col.Info
but I can't change the separator
You should be able to change it using the -E option. Refer to the tshark man page for more help with this option.
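The two-character layout the question asks for (">" between the addresses, ":" before Info) cannot come from -E separator alone, which takes a single character. The following is an added example, not code from the original post or from the Wireshark project: it lets tshark keep its default tab separator and does the joining in awk. The pcap path and output file name in the comment are the question's; the sample lines are constructed to look like tshark output and are not from a real capture.

```shell
#!/bin/sh
# Added example, not from the original post: turn `tshark -T fields` output
# into the "src>dst:info" layout asked for. `-E separator` takes one
# character, so tshark keeps its default tab separator and awk supplies the
# two different join characters. Real invocation (pcap path assumed):
#   tshark -n -r tracecomplete.pcap -T fields \
#       -e ip.src -e ip.dst -e _ws.col.Info | format_fields > walima22.txt

# Read tab-separated "src<TAB>dst<TAB>info" lines on stdin, print src>dst:info.
# Packets with no IP layer (ARP etc.) have an empty first field and are dropped.
format_fields() {
    awk -F '\t' '$1 != "" {
        info = $3
        for (i = 4; i <= NF; i++) info = info "\t" $i   # keep any tab inside Info
        print $1 ">" $2 ":" info
    }'
}

# Constructed sample of three packets as tshark would print them (one ARP).
sample_fields() {
    printf '10.0.0.1\t10.0.0.2\tEcho (ping) request  id=0x0001, seq=1/256\n'
    printf '\t\tWho has 10.0.0.2? Tell 10.0.0.1\n'
    printf '10.0.0.2\t10.0.0.1\tEcho (ping) reply    id=0x0001, seq=1/256\n'
}

# Run the constructed sample through the formatter.
demo() {
    sample_fields | format_fields
}

if [ "${1-}" = "--demo" ]; then
    demo
fi
```

Running the script with --demo prints the two ICMP packets as src>dst:info and drops the ARP line, which has no ip.src. If the Info column itself may contain the separator you chose, keep the tab (or add -E quote=d) rather than switching to a comma.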

How to capture MQTT data locally in SSH remote server using Wireshark?

I want to capture MQTT packets on the SSH Linux-based remote server using Wireshark from my home. I can capture data going out through the Internet, such as when I use this command line mosquitto_pub -h test.mosquitto.org -t topic -m "Hello", I can see the packets in Wireshark. But when I publish data on localhost, such as using this command mosquitto_pub -d -h localhost -t hello/world -m "75", I can't see any packets in Wireshark. I want to make a client/server on the same remote server.
I use this command to open Wireshark:
sudo ssh user@x.x.x.x tcpdump -U -s0 -w - | wireshark -k -i -
I know only the basics of Wireshark, so please, how do I solve this?
You didn't specify the interface that tcpdump should capture on. Try adding the -i lo option, as in:
sudo ssh user@x.x.x.x tcpdump -i lo -U -s0 -w - | wireshark -k -i -

Long CRON command does not work, no matter how I use it

I've been fiddling a lot with a cron job, and so far I cannot make it work properly.
Here is the command:
docker exec mosquitto mosquitto_pub -h localhost -p 1883 -u LOGIN -P PASSWORD -t rtorrent_ntorrents -m "{\"ntorrents\": $(docker exec -it box rtxmlrpc download_list "" | wc -l)}"
Here is what I tried:
putting it in a cronjob to be executed every minute:
* * * * * /usr/bin/zsh -c 'docker exec mosquitto mosquitto_pub -h localhost -p 1883 -u LOGIN -P PASSWORD -t rtorrent_ntorrents -m "{\"ntorrents\": $(docker exec -it box rtxmlrpc download_list "" | wc -l)}"'
-> fails
put the command in a function in .zshenv or .zshrc, then create a CRON job launching the function -> fails
I also tried setting up a simple script:
#!/usr/bin/zsh
while :
do
docker exec mosquitto mosquitto_pub -h localhost -p 1883 -u LOGIN -P PASSWORD -t rtorrent_ntorrents -m "{\"ntorrents\": $(docker exec -it box rtxmlrpc downl$
sleep 60
done
Which fails this way:
[1] 8665
[1] + 8665 suspended (tty output) ./ntorrents
The only way I found to use my command in a background process is screen...
Of course, running the command itself in a shell produces the desired result.
Thanks in advance for your help.
As mentioned in the comments, removing the -it parameter solves the issue.
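The job stops with "suspended (tty output)" because `docker exec -it` asks for a pseudo-terminal and neither cron nor a background job has one. The following is an added example, not code from the original post: the question's command wrapped so that -t is only passed when a terminal is actually attached, and the JSON payload built without nesting quotes inside quotes. Container names and topic are the question's; the env file path, the script path and the MQTT_USER/MQTT_PASS variables are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: the question's command wrapped
# so it runs from cron. `docker exec -it` allocates a pseudo-terminal; under
# cron or as a background job there is none, which is why the job is stopped
# with "suspended (tty output)". The wrapper passes -t only when stdin is a
# terminal. Container names and topic are the question's; MQTT_USER and
# MQTT_PASS are assumed to come from an env file sourced by the cron line.

# Flags for `docker exec`: -t only if a terminal is attached to stdin.
docker_exec_flags() {
    if [ -t 0 ]; then
        printf '%s\n' "-it"   # interactive use from a shell
    else
        printf '%s\n' "-i"    # cron, nohup, "&": no TTY to allocate
    fi
}

# Build the JSON payload from the line count, no quote nesting needed.
ntorrents_payload() {
    printf '{"ntorrents": %d}' "$1"
}

publish_ntorrents() {
    # $(docker_exec_flags) is unquoted on purpose so the flag is word-split.
    count=$(docker exec $(docker_exec_flags) box rtxmlrpc download_list "" \
            | wc -l | tr -d ' ')
    docker exec mosquitto mosquitto_pub -h localhost -p 1883 \
        -u "$MQTT_USER" -P "$MQTT_PASS" -t rtorrent_ntorrents \
        -m "$(ntorrents_payload "$count")"
}

# Cron line (assumed paths); the env file holds MQTT_USER/MQTT_PASS, mode 0600:
#   * * * * * . /etc/ntorrents.env && /usr/local/bin/ntorrents.sh >>/var/log/ntorrents.log 2>&1
if [ "${1-}" = "--publish" ]; then
    publish_ntorrents
fi
```

Redirecting the cron job's stdout and stderr to a log file is what lets you see why a run failed instead of guessing. Note that -P on the mosquitto_pub command line is still visible in the process list on the Docker host for the duration of the publish; moving the credentials into an env file keeps them out of the crontab, not out of ps.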

Adding a printer using vbscript ... expected end of statement

Even though I appear to write it as pretty much all the examples on the web, I still have this error.
Here, take a look... http://i.imgur.com/1TqL52V.png
My code is as follows (in case you didn't take a look):
cscript "C:\Windows\System32\Printing_Admin_Scripts\en-US\prnport.vbs" -a -r "C70 PS Driver" -h 13.226.51.135 -o raw -n 9200
cscript "C:\Windows\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs" -a -v 3 -m "Xerox Color C70 PS" -i "C:\Xerox_C70_2014_11\XCC70_5.382.4.0_PS_x64_Driver.inf\x2GITHP.inf" -h "C:\Xerox_C70_2014_11\XCC70_5.382.4.0_PS_x64_Driver.inf"
cscript "C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs" -a -p "Xerox Color C70 PS" -m "Xerox Color C70 PS" -r "C70 PS Driver"
The error is at line 1, and says:
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
C:\Users\Antoine\AppData\Local\Adersoft\VbsEdit\Temp\MMNPNCCZ.vbs(1, 78) Microsoft VBScript compilation error: Expected end of statement
***** script completed - exit code: 1 *****
Edit: Here's the content of the file (C:\Users\Antoine\AppData\Local\Adersoft\VbsEdit\Temp\MMNPNCCZ.vbs)
cscript "C:\Windows\System32\Printing_Admin_Scripts\en-US\prnport.vbs" -a -r "C70 PS Driver" -h 13.226.51.135 -o raw -n 9200
cscript "C:\Windows\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs" -a -v 3 -m "Xerox Color C70 PS" -i "C:\Xerox_C70_2014_11\XCC70_5.382.4.0_PS_x64_Driver.inf\x2GITHP.inf" -h "C:\Xerox_C70_2014_11\XCC70_5.382.4.0_PS_x64_Driver.inf"
cscript "C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs" -a -p "Xerox Color C70 PS" -m "Xerox Color C70 PS" -r "C70 PS Driver"
I have to say, it's my first time trying to script this, so yes, I'm new to this.
In any case, all comments are welcomed.
Thank you,
Rename MMNPNCCZ.vbs to MMNPNCCZ.bat. You can't run commands from VBScript like that.
@echo off
rem MMNPNCCZ.bat
cscript "C:\Windows\System32\Printing_Admin_Scripts\en-US\prnport.vbs" -a -r "C70 PS Driver" -h 13.226.51.135 -o raw -n 9200
cscript "C:\Windows\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs" -a -v 3 -m "Xerox Color C70 PS" -i "C:\Xerox_C70_2014_11\XCC70_5.382.4.0_PS_x64_Driver.inf\x2GITHP.inf" -h "C:\Xerox_C70_2014_11\XCC70_5.382.4.0_PS_x64_Driver.inf"
cscript "C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs" -a -p "Xerox Color C70 PS" -m "Xerox Color C70 PS" -r "C70 PS Driver"
If you must do it in VBScript you'd need something like this:
' MMNPNCCZ.vbs
Set sh = CreateObject("WScript.Shell")
sh.Run "cscript ""C:\Windows\System32\Printing_Admin_Scripts\en-US\prnport.vbs"" -a -r ""C70 PS Driver"" -h 13.226.51.135 -o raw -n 9200", 0, True
sh.Run "cscript ""C:\Windows\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs"" -a -v 3 -m ""Xerox Color C70 PS"" -i ""C:\Xerox_C70_2014_11\XCC70_5.382.4.0_PS_x64_Driver.inf\x2GITHP.inf"" -h ""C:\Xerox_C70_2014_11\XCC70_5.382.4.0_PS_x64_Driver.inf""", 0, True
sh.Run "cscript ""C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs"" -a -p ""Xerox Color C70 PS"" -m ""Xerox Color C70 PS"" -r ""C70 PS Driver""", 0, True

How do I capture three hosts with Wireshark via command line?

I am successfully able to capture with this command line.
C:\Program Files\Wireshark\wireshark.exe -i 4 -k -b duration:3600 -w c:\capture.pcap
I have tried this method and it pops the Wireshark command line help window.
C:\Program Files\Wireshark\wireshark.exe -i 4 -k -b duration:3600 -w -f 10.0.0.1 and 10.0.0.2 and 10.0.0.3 c:\capture.pcap
I have also tried this way.
C:\Program Files\Wireshark\wireshark.exe -i 4 -k -b duration:3600 -w -f host 10.0.0.1 and 10.0.0.2 and 10.0.0.3 c:\capture.pcap
Neither one of the above works. They both get the same error. I know it is something simple, however I do not know Wireshark well enough.
Thanks.
You have a few problems:
The filename (c:\capture.pcap) must immediately follow the -w flag.
The filter must be "quoted" if it contains spaces.
You must specify the "host" keyword before each address.
The logical operation you want is almost certainly "or", not "and"
Given the above, try:
C:\Program Files\Wireshark\wireshark.exe -i 4 -k -b duration:3600 -w c:\capture.pcap -f "host 10.0.0.1 or host 10.0.0.2 or host 10.0.0.3"
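The same filter can be built for any number of hosts, and a malformed address is better caught before Wireshark tries to compile the filter. The following is an added example, not code from the original post or from the Wireshark project: a small shell helper that checks each address and prints the string that goes inside the quotes after -f. The address list is the question's; the helper names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: build the capture filter for
# any number of hosts and reject malformed addresses before Wireshark tries
# to compile the filter. The output is what goes inside the quotes after -f:
#   wireshark.exe -i 4 -k -b duration:3600 -w c:\capture.pcap -f "<output>"

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            exit 0
        }
        { exit 1 }'
}

# Print "host A or host B ..." for the given addresses; fail on a bad one.
hosts_filter() {
    filter=""
    for h in "$@"; do
        if ! is_ipv4 "$h"; then
            echo "hosts_filter: not an IPv4 address: $h" >&2
            return 1
        fi
        if [ -z "$filter" ]; then
            filter="host $h"
        else
            filter="$filter or host $h"
        fi
    done
    printf '%s' "$filter"
}

# Usage: ./hosts_filter.sh --build 10.0.0.1 10.0.0.2 10.0.0.3
if [ "${1-}" = "--build" ]; then
    shift
    hosts_filter "$@"
fi
```

Keep in mind that -f is a capture (BPF) filter applied at capture time, and "host" matches either direction: the resulting capture holds all traffic to or from any of the three addresses, not only traffic exchanged among them.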
