Tshark fields for capture filter
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I get an invalid capture filter when trying to use this:
tshark -i mon0 subtype probe-req -T fields -e wlan.sa -e wlan_mgt.ssid
I am trying to limit my results to just the source address and SSID of the request. It runs fine without the field options...Thanks!
linux tshark
asked Jun 5 at 22:29
axxic3
2016
add a comment |Â
up vote
1
down vote
favorite
I get an invalid capture filter when trying to use this:
tshark -i mon0 subtype probe-req -T fields -e wlan.sa -e wlan_mgt.ssid
I am trying to limit my results to just the source address and SSID of the request. It runs fine without the field options...Thanks!
linux tshark
asked Jun 5 at 22:29
axxic3
2016
1
I have found a lot of information regarding capturing SSID's but they all filter by MAC address instead of Source IP. Could you please clarify exactly what your goal is? Is it necessary to only use tshark or can the reports created from the graphical client be used? Are you trying to filter what you are trying to capture or simply filter the results to generate a report? Filtering what you capture may not work to be able to collect SSID's however it would be pretty straight forward to filter your results into a text file with only the desired information.
– kemotep
Jun 6 at 13:25
Im running on terminal only system but thanks anyways
– axxic3
Jun 7 at 6:16
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I get an invalid capture filter when trying to use this:
tshark -i mon0 subtype probe-req -T fields -e wlan.sa -e wlan_mgt.ssid
I am trying to limit my results to just the source address and SSID of the request. It runs fine without the field options...Thanks!
linux tshark
asked Jun 5 at 22:29
axxic3
2016
I get an invalid capture filter when trying to use this:
tshark -i mon0 subtype probe-req -T fields -e wlan.sa -e wlan_mgt.ssid
I am trying to limit my results to just the source address and SSID of the request. It runs fine without the field options...Thanks!
linux tshark
asked Jun 5 at 22:29
axxic3
2016
asked Jun 5 at 22:29
axxic3
2016
asked Jun 5 at 22:29
axxic3
2016
asked Jun 5 at 22:29
axxic3
2016
2016
1
I have found a lot of information regarding capturing SSID's but they all filter by MAC address instead of Source IP. Could you please clarify exactly what your goal is? Is it necessary to only use tshark or can the reports created from the graphical client be used? Are you trying to filter what you are trying to capture or simply filter the results to generate a report? Filtering what you capture may not work to be able to collect SSID's however it would be pretty straight forward to filter your results into a text file with only the desired information.
– kemotep
Jun 6 at 13:25
Im running on terminal only system but thanks anyways
– axxic3
Jun 7 at 6:16
add a comment |Â
1
I have found a lot of information regarding capturing SSID's but they all filter by MAC address instead of Source IP. Could you please clarify exactly what your goal is? Is it necessary to only use tshark or can the reports created from the graphical client be used? Are you trying to filter what you are trying to capture or simply filter the results to generate a report? Filtering what you capture may not work to be able to collect SSID's however it would be pretty straight forward to filter your results into a text file with only the desired information.
– kemotep
Jun 6 at 13:25
Im running on terminal only system but thanks anyways
– axxic3
Jun 7 at 6:16
1
1
I have found a lot of information regarding capturing SSID's but they all filter by MAC address instead of Source IP. Could you please clarify exactly what your goal is? Is it necessary to only use tshark or can the reports created from the graphical client be used? Are you trying to filter what you are trying to capture or simply filter the results to generate a report? Filtering what you capture may not work to be able to collect SSID's however it would be pretty straight forward to filter your results into a text file with only the desired information.
– kemotep
Jun 6 at 13:25
I have found a lot of information regarding capturing SSID's but they all filter by MAC address instead of Source IP. Could you please clarify exactly what your goal is? Is it necessary to only use tshark or can the reports created from the graphical client be used? Are you trying to filter what you are trying to capture or simply filter the results to generate a report? Filtering what you capture may not work to be able to collect SSID's however it would be pretty straight forward to filter your results into a text file with only the desired information.
– kemotep
Jun 6 at 13:25
Im running on terminal only system but thanks anyways
– axxic3
Jun 7 at 6:16
Im running on terminal only system but thanks anyways
– axxic3
Jun 7 at 6:16
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
1
down vote
accepted
I assume you have to put your capture filter in quotation marks, preceded with -f like that:
tshark -i mon0 -f "subtype probe-req" -T fields -e wlan.sa -e wlan_mgt.ssid
edited Jun 6 at 13:59
Jeff Schaller
30.9k846105
answered Jun 6 at 13:45
Winnie Tigger
1595
Thats more like it, thank you very much!
– axxic3
Jun 7 at 6:15
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
I assume you have to put your capture filter in quotation marks, preceded with -f like that:
tshark -i mon0 -f "subtype probe-req" -T fields -e wlan.sa -e wlan_mgt.ssid
edited Jun 6 at 13:59
Jeff Schaller
30.9k846105
answered Jun 6 at 13:45
Winnie Tigger
1595
Thats more like it, thank you very much!
– axxic3
Jun 7 at 6:15
add a comment |Â
up vote
1
down vote
accepted
I assume you have to put your capture filter in quotation marks, preceded with -f like that:
tshark -i mon0 -f "subtype probe-req" -T fields -e wlan.sa -e wlan_mgt.ssid
edited Jun 6 at 13:59
Jeff Schaller
30.9k846105
answered Jun 6 at 13:45
Winnie Tigger
1595
Thats more like it, thank you very much!
– axxic3
Jun 7 at 6:15
add a comment |Â
up vote
1
down vote
accepted
up vote
1
down vote
accepted
I assume you have to put your capture filter in quotation marks, preceded with -f like that:
tshark -i mon0 -f "subtype probe-req" -T fields -e wlan.sa -e wlan_mgt.ssid
edited Jun 6 at 13:59
Jeff Schaller
30.9k846105
answered Jun 6 at 13:45
Winnie Tigger
1595
I assume you have to put your capture filter in quotation marks, preceded with -f like that:
tshark -i mon0 -f "subtype probe-req" -T fields -e wlan.sa -e wlan_mgt.ssid
edited Jun 6 at 13:59
Jeff Schaller
30.9k846105
answered Jun 6 at 13:45
Winnie Tigger
1595
edited Jun 6 at 13:59
Jeff Schaller
30.9k846105
edited Jun 6 at 13:59
Jeff Schaller
30.9k846105
edited Jun 6 at 13:59
Jeff Schaller
30.9k846105
30.9k846105
answered Jun 6 at 13:45
Winnie Tigger
1595
answered Jun 6 at 13:45
Winnie Tigger
1595
answered Jun 6 at 13:45
Winnie Tigger
1595
1595
Thats more like it, thank you very much!
– axxic3
Jun 7 at 6:15
add a comment |Â
Thats more like it, thank you very much!
– axxic3
Jun 7 at 6:15
Thats more like it, thank you very much!
– axxic3
Jun 7 at 6:15
Thats more like it, thank you very much!
– axxic3
Jun 7 at 6:15
add a comment |Â
Â
draft saved
draft discarded
Â
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f448091%2ftshark-fields-for-capture-filter%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
I have found a lot of information regarding capturing SSID's but they all filter by MAC address instead of Source IP. Could you please clarify exactly what your goal is? Is it necessary to only use tshark or can the reports created from the graphical client be used? Are you trying to filter what you are trying to capture or simply filter the results to generate a report? Filtering what you capture may not work to be able to collect SSID's however it would be pretty straight forward to filter your results into a text file with only the desired information.
– kemotep
Jun 6 at 13:25
Im running on terminal only system but thanks anyways
– axxic3
Jun 7 at 6:16