• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 840
  • Last Modified:

Wireshark command line

I am using wirehshark tshark command line to extract host entries to a text file, I am using the below command which looks right from the tutorial but I get the error message tshark: -R without -2 is deprecated. For single-pass filtering use -Y.

Can anyone tell me what the above error means and what I am doing wrong.

C:\Program Files\Wireshark>tshark -r lim.pcapng -R http.host -T fields -e ip.src -e ip.dst -e http.host > httphostim.txt
1 Solution
QlemoBatchelor and DeveloperCommented:
The message says it all, either you add -2 to get a two-pass scan, or replace -R by -Y. For your purpose the letter should work fine.
Two-pass scans are required for resent and sequence analysis asf.
Sid_FAuthor Commented:
Thanks sorry for the delay in replying
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now