
tshark unable to filter MAC address during live capture


I am trying to capture packets using tshark and I want to add a filter for the wlan source address, so I tried the three steps below, but none of them worked.

    ubuntu:/home/test$ tshark -i mon0 -w /tmp/test11.pcap -a duration:15 -R "(wlan.sa == 3e:52:82:c1:2e:a9)"

tshark: -R without -2 is deprecated. For single-pass filtering use -Y.

    ubuntu:/home/test$ tshark -i mon0 -w /tmp/test11.pcap -a duration:15 -Y "(wlan.sa == 3e:52:82:c1:2e:a9)"

tshark: Display filters aren't supported when capturing and saving the captured packets.

    ubuntu:/home/test$ tshark -i mon0 -w /tmp/test11.pcap -a duration:15 -2R "(wlan.sa == 3e:52:82:c1:2e:a9)"

tshark: Live captures do not support two-pass analysis.

How do I add the filter for the wlan address?


Solution

  • You're using tshark in capture mode (vs. offline, on a capture file), so you need to use a capture filter, which has its own syntax (same as tcpdump as far as I know). There's no flag needed for a capture filter (no -R or -Y):

    tshark -i mon0 -w /tmp/test11.pcap -a duration:15 ether src 3e:52:82:c1:2e:a9
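
The two filter languages side by side, as an added example that is not part of the original answer: a capture filter narrows the live capture, and the `wlan.sa` display filter from the question is applied afterwards to the saved file with `-r`. The function names and the output path `/tmp/test11-sa.pcap` are assumptions; `-f` is tshark's explicit capture-filter option, used here in place of the trailing-argument form shown above.

```shell
#!/bin/sh
# Added example: filter at capture time, then refine the saved file offline.
# Function names and /tmp/test11-sa.pcap are assumptions; the interface,
# MAC and capture path are the ones used in the question.

# Accept only a colon-separated 48-bit MAC, so no extra filter terms
# (or newlines) can ride along in the argument.
valid_mac() {
    case "$1" in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Capture filter: pcap-filter (tcpdump) syntax, applied while capturing.
capture_filter() {
    valid_mac "$1" || return 1
    printf 'ether src %s' "$1"
}

# Display filter: Wireshark syntax, usable once the capture is a file.
display_filter() {
    valid_mac "$1" || return 1
    printf 'wlan.sa == %s' "$1"
}

# Stage 1: live capture. -f is tshark's explicit capture-filter option.
capture_from() {  # capture_from IFACE MAC OUT.pcap SECONDS
    _cf=$(capture_filter "$2") || { echo "bad MAC: $2" >&2; return 1; }
    tshark -i "$1" -f "$_cf" -a "duration:$4" -w "$3"
}

# Stage 2: offline pass with -r, where -Y and -w may be combined.
refine() {  # refine IN.pcap MAC OUT.pcap
    _df=$(display_filter "$2") || { echo "bad MAC: $2" >&2; return 1; }
    tshark -r "$1" -Y "$_df" -w "$3"
}

# Runs only when called as: script --run IFACE MAC
if [ "${1:-}" = "--run" ] && [ "$#" -eq 3 ]; then
    capture_from "$2" "$3" /tmp/test11.pcap 15 &&
        refine /tmp/test11.pcap "$3" /tmp/test11-sa.pcap
fi
```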