Wireshark command line

I am using wirehshark tshark command line to extract host entries to a text file, I am using the below command which looks right from the tutorial but I get the error message tshark: -R without -2 is deprecated. For single-pass filtering use -Y.

Can anyone tell me what the above error means and what I am doing wrong.

C:\Program Files\Wireshark>tshark -r lim.pcapng -R http.host -T fields -e ip.src -e ip.dst -e http.host > httphostim.txt
LVL 6
Sid_FAsked:
Who is Participating?
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
The message says it all, either you add -2 to get a two-pass scan, or replace -R by -Y. For your purpose the letter should work fine.
Two-pass scans are required for resent and sequence analysis asf.
0
 
Sid_FAuthor Commented:
Thanks sorry for the delay in replying
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.