Looking for a command-line query to check if there is a checksum error in a Wireshark file - wireshark

I am looking for a command to check if my Wireshark file has a checksum error. I can do it with the command ip.checksum_bad == 1, but this is from the application GUI.

tshark -R 'ip.checksum_bad==1' -Vr file
will do the trick ...
See the man page for tshark.

Related

tshark returns 0 results for filter icmp.no_resp but wireshark returns 12 results with the same filter

I am trying to do packet capture analysis with tshark on about 30000 files looking for a needle in the haystack. The files containing interesting needles contain icmp failures. I wrote a script which iterates through these files with tshark but they all return 0 results.
tshark -r <filename> -Y "icmp.no_resp"
tshark -r <filename> -Y "icmp.resp_not_found"
Both of these commands yield 0 results. However, when I open a specific file and use the display filter "icmp.no_resp" or "icmp.resp_not_found", I see results.
Is this a bug in tshark where it can't identify response not found?
I'm running tshark/wireshark v3.6.7 on Ubuntu
I figured it out.
tshark requires multiple passes to identify certain display filters. Doing a command like so creates this.
tshark -r <filename> -Y "icmp.resp_not_found" -2
I hope this helps someone in the future.
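
The two-pass requirement above, applied to the batch scan the question describes, as an added example that is not part of the original post. The function names and the directory argument are assumptions; the filter defaults to icmp.resp_not_found but can be any display filter.

```shell
#!/bin/sh
# Added example (not from the original post): batch triage of capture files.
# Function names and the directory argument are assumptions.

# count_matches FILE FILTER
# Prints how many packets in FILE match the display FILTER.
# -2 runs two-pass analysis, which fields such as icmp.resp_not_found need
# because they depend on packets that appear later in the capture.
count_matches() {
    tshark -2 -r "$1" -Y "$2" -T fields -e frame.number </dev/null |
        wc -l | tr -d '[:space:]'
}

# scan_dir DIR [FILTER]
# Prints "count<TAB>path" for every .pcap/.pcapng under DIR with at least
# one match, so clean files produce no output at all.
scan_dir() {
    dir=$1
    filter=${2:-icmp.resp_not_found}
    find "$dir" -type f \( -name '*.pcap' -o -name '*.pcapng' \) | sort |
    while IFS= read -r f; do
        n=$(count_matches "$f" "$filter")
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\n' "$n" "$f"
        fi
    done
}

# Run only when a directory is given: sh scan.sh /captures [filter]
if [ "$#" -gt 0 ]; then
    scan_dir "$@"
fi
```

Errors tshark reports for unreadable or truncated files still go to stderr, so they can be collected separately with 2> while the hit list goes to stdout.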

How to store the result of compilation (using javac) to a text file?

I want to compile a Hello World program. I use javac Hello_World.java. However in cmd terminal window, it shows "semicolon is missing" compilation error.
How do I store this compilation error into a text file? Or even a string will do. How do I "catch" this error? I tried
javac filename.java 2 > textfile.txt
But javac still prints stderr and stdout to screen.
Get rid of the space between 2 and >
javac filename.java 2> textfile.txt
Another way is by redirecting stderr into stdout:
javac filename.java > textfile.txt 2>&1
More info: https://support.microsoft.com/en-us/help/110930/redirecting-error-messages-from-command-prompt-stderr-stdout
-verbose is what you're looking for. It will show the logs of the compiler, then you put the output in a file.
javac XXX -verbose > textfile.txt

Wireshark log file conversion to text file through CLI (in Windows 7)

For some automation purpose I have the below requirements for the Wireshark log file (.pcap).
1 - Conversion of Wireshark logs (.pcap file) to a text file with detail of packets.
2 - Conversion of Wireshark logs (.pcap file) to a text file with some filter (e.g. bssgp.pdu_type == 0x00) with detail of packets.
I know how to convert the wireshark files to text file through GUI,
But I need the cli commands for the same to automate the procedure.
Thanks in advance
To convert a .pcap file to text output, you can run:
tshark -V -r file.pcap > file.txt
If you only want to convert certain packets that match a Wireshark display filter, then using your filter, you can run:
tshark -Y "bssgp.pdu_type == 0x00" -V -r file.pcap > file.txt
If the -V option provides too much detail, you can limit the detail to specific protocol(s) by using the -O option instead. For example, to provide details for bssgp only and a summary for all other protocols, try:
tshark -Y "bssgp.pdu_type == 0x00" -O bssgp -r file.pcap > file.txt
Refer to the tshark man page for more details about these options.

Read all HTTP URLs from PCAP file

I am trying to read all HTTP URLs from a PCAP file using this command:
tshark -R -e http.request.uri -r C:file.pcap
And got the message
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.
What's wrong with my filter?
Using the filter as single pass, like suggested, does it for me:
tshark -Y http.request.uri -r capturefile

PHP CLI doesn't use stderr to output errors

I'm running the PHP CLI through a NSTask in MacOS, but this question is more about the CLI itself.
I'm listening to the stderr pipe, but nothing is output there no matter what file I try to run:
If the file type is not a plain text, stdout sets to ?.
If the file is a php script with errors, the error messages are still printed to stdout.
Is there a switch to the interpreter to handle errors through stderr? Do I have an option to detect errors other than parsing stdout?
The display_errors directive (can be set everywhere) takes optionally the parameter "stderr" for it to report errors to stderr instead of stdout or completely disabled error output. Quoting from the PHP manual entry:
Value "stderr" sends the errors to stderr instead of stdout. The value is available as of PHP 5.2.4.
Alternatively, if you're using the command-line interface and you want to output the errors on your own, you can re-use the command-line input/output streams:
fwrite(STDERR, 'error message');
Here STDERR is an already opened stream to stderr.
Alternatively, if you want to do it just for this script and not in CLI, you can open a file handler to php://stderr and write the error messages there.
$fe = fopen('php://stderr', 'w');
fwrite($fe, 'error message');
If you want the error messages sent by the PHP interpreter to go to the stderr pipe, you must set display_errors to stderr.
This is required to return from PHP realm into shell environment in order to parse properly error message. You still need to exit(1) or whatever integer in order to return exit status code from PHP to shell.
fwrite(STDERR, 'error message'); //output message into 2> buffer
exit(0x0a); //return error status code to shell
Then, your crontab entry will look like:
30 3 * * * /usr/bin/php /full/path/to/phpFile.php >> /logdir/fullpath/journal.log 2>> /logdir/fullpath/error_journal.log
You can also use file_put_contents() with "php://stderr" to output to standard error, like:
php -r 'file_put_contents("php://stderr", "Hiya, PHP!\n"); echo "Bye!\n";' 1>/dev/null
which outputs "Hiya, PHP!\n" to standard error and nothing to standard output when executed in a Bash shell.
