Tshark fields for capture filter

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I get an invalid capture filter when trying to use this:



tshark -i mon0 subtype probe-req -T fields -e wlan.sa -e wlan_mgt.ssid


I am trying to limit my results to just the source address and SSID of the request. It runs fine without the field options...Thanks!







share|improve this question















  • 1




    I have found a lot of information regarding capturing SSID's but they all filter by MAC address instead of Source IP. Could you please clarify exactly what your goal is? Is it necessary to only use tshark or can the reports created from the graphical client be used? Are you trying to filter what you are trying to capture or simply filter the results to generate a report? Filtering what you capture may not work to be able to collect SSID's however it would be pretty straight forward to filter your results into a text file with only the desired information.
    – kemotep
    Jun 6 at 13:25











  • Im running on terminal only system but thanks anyways
    – axxic3
    Jun 7 at 6:16














up vote
1
down vote

favorite












I get an invalid capture filter when trying to use this:



tshark -i mon0 subtype probe-req -T fields -e wlan.sa -e wlan_mgt.ssid


I am trying to limit my results to just the source address and SSID of the request. It runs fine without the field options...Thanks!







share|improve this question















  • 1




    I have found a lot of information regarding capturing SSID's but they all filter by MAC address instead of Source IP. Could you please clarify exactly what your goal is? Is it necessary to only use tshark or can the reports created from the graphical client be used? Are you trying to filter what you are trying to capture or simply filter the results to generate a report? Filtering what you capture may not work to be able to collect SSID's however it would be pretty straight forward to filter your results into a text file with only the desired information.
    – kemotep
    Jun 6 at 13:25











  • Im running on terminal only system but thanks anyways
    – axxic3
    Jun 7 at 6:16












up vote
1
down vote

favorite









up vote
1
down vote

favorite











I get an invalid capture filter when trying to use this:



tshark -i mon0 subtype probe-req -T fields -e wlan.sa -e wlan_mgt.ssid


I am trying to limit my results to just the source address and SSID of the request. It runs fine without the field options...Thanks!







share|improve this question











I get an invalid capture filter when trying to use this:



tshark -i mon0 subtype probe-req -T fields -e wlan.sa -e wlan_mgt.ssid


I am trying to limit my results to just the source address and SSID of the request. It runs fine without the field options...Thanks!









share|improve this question










share|improve this question




share|improve this question









asked Jun 5 at 22:29









axxic3

2016




2016







  • 1




    I have found a lot of information regarding capturing SSID's but they all filter by MAC address instead of Source IP. Could you please clarify exactly what your goal is? Is it necessary to only use tshark or can the reports created from the graphical client be used? Are you trying to filter what you are trying to capture or simply filter the results to generate a report? Filtering what you capture may not work to be able to collect SSID's however it would be pretty straight forward to filter your results into a text file with only the desired information.
    – kemotep
    Jun 6 at 13:25











  • Im running on terminal only system but thanks anyways
    – axxic3
    Jun 7 at 6:16












  • 1




    I have found a lot of information regarding capturing SSID's but they all filter by MAC address instead of Source IP. Could you please clarify exactly what your goal is? Is it necessary to only use tshark or can the reports created from the graphical client be used? Are you trying to filter what you are trying to capture or simply filter the results to generate a report? Filtering what you capture may not work to be able to collect SSID's however it would be pretty straight forward to filter your results into a text file with only the desired information.
    – kemotep
    Jun 6 at 13:25











  • Im running on terminal only system but thanks anyways
    – axxic3
    Jun 7 at 6:16







1




1




I have found a lot of information regarding capturing SSID's but they all filter by MAC address instead of Source IP. Could you please clarify exactly what your goal is? Is it necessary to only use tshark or can the reports created from the graphical client be used? Are you trying to filter what you are trying to capture or simply filter the results to generate a report? Filtering what you capture may not work to be able to collect SSID's however it would be pretty straight forward to filter your results into a text file with only the desired information.
– kemotep
Jun 6 at 13:25





I have found a lot of information regarding capturing SSID's but they all filter by MAC address instead of Source IP. Could you please clarify exactly what your goal is? Is it necessary to only use tshark or can the reports created from the graphical client be used? Are you trying to filter what you are trying to capture or simply filter the results to generate a report? Filtering what you capture may not work to be able to collect SSID's however it would be pretty straight forward to filter your results into a text file with only the desired information.
– kemotep
Jun 6 at 13:25













Im running on terminal only system but thanks anyways
– axxic3
Jun 7 at 6:16




Im running on terminal only system but thanks anyways
– axxic3
Jun 7 at 6:16










1 Answer
1






active

oldest

votes

















up vote
1
down vote



accepted










I assume you have to put your capture filter in quotation marks, preceded with -f like that:



tshark -i mon0 -f "subtype probe-req" -T fields -e wlan.sa -e wlan_mgt.ssid





share|improve this answer























  • Thats more like it, thank you very much!
    – axxic3
    Jun 7 at 6:15










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f448091%2ftshark-fields-for-capture-filter%23new-answer', 'question_page');

);

Post as a guest






























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
1
down vote



accepted










I assume you have to put your capture filter in quotation marks, preceded with -f like that:



tshark -i mon0 -f "subtype probe-req" -T fields -e wlan.sa -e wlan_mgt.ssid





share|improve this answer























  • Thats more like it, thank you very much!
    – axxic3
    Jun 7 at 6:15














up vote
1
down vote



accepted










I assume you have to put your capture filter in quotation marks, preceded with -f like that:



tshark -i mon0 -f "subtype probe-req" -T fields -e wlan.sa -e wlan_mgt.ssid





share|improve this answer























  • Thats more like it, thank you very much!
    – axxic3
    Jun 7 at 6:15












up vote
1
down vote



accepted







up vote
1
down vote



accepted






I assume you have to put your capture filter in quotation marks, preceded with -f like that:



tshark -i mon0 -f "subtype probe-req" -T fields -e wlan.sa -e wlan_mgt.ssid





share|improve this answer















I assume you have to put your capture filter in quotation marks, preceded with -f like that:



tshark -i mon0 -f "subtype probe-req" -T fields -e wlan.sa -e wlan_mgt.ssid






share|improve this answer















share|improve this answer



share|improve this answer








edited Jun 6 at 13:59









Jeff Schaller

30.9k846105




30.9k846105











answered Jun 6 at 13:45









Winnie Tigger

1595




1595











  • Thats more like it, thank you very much!
    – axxic3
    Jun 7 at 6:15
















  • Thats more like it, thank you very much!
    – axxic3
    Jun 7 at 6:15















Thats more like it, thank you very much!
– axxic3
Jun 7 at 6:15




Thats more like it, thank you very much!
– axxic3
Jun 7 at 6:15












 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f448091%2ftshark-fields-for-capture-filter%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?