Question

I want to run the following command:

tshark  -l >  some.txt

As you can see, I write stdout to the some.txt file.

But I get temp files named etherXXXX* under the /tmp folder, and these files can grow to 1-2G within 1 hour.

From the tshark man page I found the -b option.

So I wrote:

tshark -b filesize:1024 -b files:5  -l >  some.txt

and got the error: tshark: Maximum capture file size specified, but capture isn't being saved to a file.

From the tshark.c code I found the -w flag:

tshark -b filesize:1024 -b files:5  -l -w >  some.txt

Now no files are created under /tmp, but some.txt is now a binary file and I can't open it, because the -w flag makes it like a file with a .cap extension. :(

How can I handle temp files?

BTW, the content of some.txt was:

  0.118166 1.1.1.1 -> 2.2.2.2  HTTP GET /services/client/client.php?cnc=13 HTTP/1.1
  0.136235 1.1.1.1 -> 2.2.2.2  HTTP GET /services/client/clsWebClient.php HTTP/1.1
  0.271442 1.1.1.1 -> 2.2.2.2  HTTP GET /services/client/client.php?cnc=13 HTTP/1.1
  1.190018 1.1.1.1 -> 2.2.2.2  HTTP GET /services/client/clsWebClient.php HTTP/1.1

Thank you,


Solution

Just use the -w <outfile> option to redirect output to a file.

In this case (without output redirection):

tshark -b filesize:1024 -b files:5  -l -w some.txt

The created file(s) will contain the binary data from the dump. You can later analyze this using -r <infile> to read the file and produce text output.
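To show the whole workflow the answer describes, here is an added example script (not from the question or the answer): a bounded ring-buffer capture written with -w, followed by a pass that reads each rotated file back with -r and redirects the one-line summaries into a text file. The interface name eth0, the output prefix /var/tmp/cap/http and the 1 MB x 5 files / 60 second limits are assumed placeholders; the point is that disk usage is capped by -b files:N instead of growing without limit under /tmp.

```sh
#!/bin/sh
# Added example, not part of the original post.
# Assumptions: interface "eth0" and prefix "/var/tmp/cap/http" are placeholders;
# tshark understands -i, -a, -b, -w and -r (all documented in tshark(1)).

# Compose the arguments for a bounded capture. -b requires a real file target,
# so -w gets a prefix; tshark inserts a sequence number and timestamp before
# the extension (e.g. <prefix>_00001_<timestamp>.pcapng). -b files:N keeps at
# most N files on disk, so total usage stays at roughly N * filesize KB.
# -a duration:S stops the capture after S seconds.
ring_capture_args() {
    iface="$1"; prefix="$2"; size_kb="$3"; nfiles="$4"; secs="$5"
    printf '%s' "-i $iface -a duration:$secs -b filesize:$size_kb -b files:$nfiles -w $prefix.pcapng"
}

# Compose the arguments that turn one saved capture back into the one-line
# summaries shown in the question; -r reads a file instead of an interface.
read_args() {
    printf '%s' "-r $1"
}

# Capture with the ring buffer, then append every rotated file's text summary
# to a single .txt file (the text the question was trying to get via stdout).
capture_and_convert() {
    iface="$1"; prefix="$2"; out="$3"
    mkdir -p "$(dirname "$prefix")"
    # shellcheck disable=SC2046  # word-splitting of the arg string is intended
    tshark $(ring_capture_args "$iface" "$prefix" 1024 5 60)
    : > "$out"
    for f in "$prefix"_*.pcapng; do
        [ -e "$f" ] || continue                 # glob matched nothing
        tshark $(read_args "$f") >> "$out"
    done
}

# Only run the real capture when tshark is installed and explicitly requested
# (capturing needs an account with capture privileges on the interface).
if command -v tshark >/dev/null 2>&1 && [ "${RUN_CAPTURE:-0}" = 1 ]; then
    capture_and_convert eth0 /var/tmp/cap/http /var/tmp/cap/http.txt
fi
```

Run it with RUN_CAPTURE=1 to actually capture; without that variable it only defines the functions, which is also how the argument composition can be checked before pointing tshark at a production interface. Writing the ring to a directory owned by the capturing user (rather than a shared /tmp) keeps the rotated files from being readable or replaceable by other local users.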

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow