I want to run the following command:
tshark -l > some.txt
As you can see, I write stdout to the some.txt file.
But under the /tmp folder I get temp files named etherXXXX*, and these files can grow to 1-2G during 1 hour.
From the tshark man page I found that I should use the -b option.
So I wrote:
tshark -b filesize:1024 -b files:5 -l > some.txt
and got error: tshark: Maximum capture file size specified, but capture isn't being saved to a file.
From the tshark.c code I found that I should use the -w flag:
tshark -b filesize:1024 -b files:5 -l -w > some.txt
Now no files have been created under /tmp, but the some.txt file is now a binary file and I can't open it, because the -w flag makes it like a file with the cap extension. :(
How can I handle temp files?
BTW, the some.txt file content was:
0.118166 1.1.1.1 -> 2.2.2.2 HTTP GET /services/client/client.php?cnc=13 HTTP/1.1
0.136235 1.1.1.1 -> 2.2.2.2 HTTP GET /services/client/clsWebClient.php HTTP/1.1
0.271442 1.1.1.1 -> 2.2.2.2 HTTP GET /services/client/client.php?cnc=13 HTTP/1.1
1.190018 1.1.1.1 -> 2.2.2.2 HTTP GET /services/client/clsWebClient.php HTTP/1.1
Thank you,