tshark -i wlan3 -f "host 1.2.3.4 and port 80" -c 1000 -w /tmp/test.dump "Wireshark & Ethereal Network Protocol Analyzer Toolkit" In these situations, it is best to use Tshark (the console-based version of Wireshark) to do the actual capture and initial processing of the data. To cap- ture from an interface to a file , use this command: tshark –i -w If you have a limited amount of space and/or want to limit the size of your capture files, you can use the ring buffer functionality with Tshark to capture from interface to capture files with a max- imum size each and a base filename by executing the fol- lowing at the command line: tshark –i -w -b -a filesize: Once you have captured the data you need, you can use Tshark to reduce the capture to a more manageable size. To use a display filter string to filter a capture file and save the results to a new capture file , execute the following at the command line: tshark –r -w -R If you need to extract al