start capturing with command line in libpcap format

Question

I try to start capturing with Wireshark using command line but the default output file is pcap extension but Wireshark - pcapng file type and I need libpcap file type. My command is

tshark.exe" -i interfacenumber -W MyFile.pcap

I also tried

tshark.exe" -i 1 -F libpcap -W MyFile.pcap

and in this case no file created on my disk although I can see the packets in the command line window

Answer 1

I think that in the newest Wireshark versions (1.8.x or 1.10.x) you cannot start capturing in libpcap format and the default format is pcapng (also pcap extension - try to use verion 1.6.x) That's what solve my problem

http://www.wireshark.org/download/win64/all-versions/

http://www.wireshark.org/download/win32/all-versions/

Answer 2

Since the -F libpcap option is not working for me either, I'm using another command line tool in the same directory:

editcap -F libpcap currentFile.pcap(ng) libpcapConvertedFile.pcap where "currentFile.whatever" is the pcapng-formatted file and "libpcapConvertedFile.whatever" is the outputted legacy libpcap format.

I run this once tshark is done capturing the original file.

Answer 3

tshark.exe -i 1 -F libpcap -w MyFile.pcap`

is the right answer (note the lower case 'w').

(-W does something different. There's lot's of tshark options, so you need to look carefully at the tshark -h output to make sure you're using the right option).