José María Polvorosa Amor wrote: > Dear friend, > > > Example: > --I transfer a file from myServer to myPC. Wireshark is sniffing on myPC. > 1. Wireshark (gui) is sniffing at the same time. Then I filter packets to > show only "ftp or ftp-data". Everything OK > 2. Tshark is sniffing at the same time. Command: tshark -i eth0 -p -R "ftp or > ftp-data". > Sometimes it collect 1 packet, sometimes 4 packets, but always first packets, > never "FTP Response: Transfer complete" that is the last one > in a correct transfer or ftp-data that contents file-data. > > I also updated my Fedora 6 kernel (2.6.20-1.2962), but I don't know if it > affects, all my modules work properly. > So, I will be pleased if someone could help me, is it problem of the kernel > or maybe the > update modified wireshark? I changed wireshark version, reinstall > new one and everything goes on. I'm a bit desesperated. > > Information from : wireshark -v > wireshark 0.99.3a >
Unless I'm missing something, "tshark -i eth0 -p -R "ftp or ftp-data" should be OK. First: 0.99.3 is quite old... Can you update to the current version 0.99.7. (I'm not sure what you mean by "update modified wireshark" and "changed wireshark version, re-install new one". Is the 0.99.3a a locally modified Wireshark ? What 'new one' was installed ?) Even though you are using Fedora 6, I believe downloading and installing the latest Wireshark (from the Fedora-8 repository by using yum or whatever) should work just fine. Second: Are you testing tshark as part of your "integrated in a C program" setup? If so: does tshark give the correct results if run by itself ? Third: What does tshark -D show ?? _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
