tshark

Retrieving packets by tshark until it gets a specific packet?


While using tshark, I want to capture a packet that contains a specific string.

After executing tshark, I want it to stop receiving packets immediately when it receives a packet that contains the specific string and return it.

What parameters should I use to do this operation?


Solution

  • I think you're looking for something like trigcap, which is part of the Wireshark project, but not currently being shipped to my knowledge because it apparently doesn't work on Windows and may have problems on other platforms now too since it hasn't seen any active development in quite a long time AFAIK.

    You can try to compile it yourself to see if it meets your needs. Read more about it at:

    If you're on Windows, you might want to take a look at the dumpcap.bat file posted on the Wireshark wiki Tools page.

    All of these solutions rely on BPF (pcap-filters), so whatever string you're looking for as your stop condition needs to somehow be manipulated into that format, which may not be easy to do.
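One way to get the behaviour the question asks for without touching BPF is to let tshark's display-filter engine do the string match (`frame contains "..."`) and stop after the first packet that passes it. The wrapper below is an added example, not code from the answer above or from the Wireshark project; the interface name and search string are assumed inputs, and it assumes that tshark's `-c` counts packets that passed the display filter during a single-pass live capture (verify with your tshark version on a busy interface before relying on it).

```shell
#!/bin/sh
# Added example: end a live tshark capture on the first packet whose raw
# bytes contain a given string, using a display filter instead of BPF.

# Build the display filter.  'frame contains "<str>"' matches the byte
# sequence anywhere in the packet; backslashes and double quotes in the
# search string are escaped so they survive inside the quoted literal.
build_filter() {
    escaped=$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf 'frame contains "%s"' "$escaped"
}

# Assemble and run the tshark invocation.
#   -c 1  : assumed to count packets that PASSED the display filter, so the
#           capture ends on the first match
#   -l    : flush output after every packet so the hit appears immediately
#   -n    : no name resolution, avoids lookup delays before printing
# DRY_RUN=1 prints the argument list instead of running tshark (used by the
# test below; no capture privileges needed).
capture_until() {
    iface=$1; needle=$2; outfile=$3
    set -- tshark -l -n -i "$iface" -c 1 -Y "$(build_filter "$needle")"
    # Optional third argument: also save the matching packet to a capture
    # file.  With -Y only passing packets are written; -P keeps the summary
    # line on stdout even though -w is in use.
    [ -n "$outfile" ] && set -- "$@" -P -w "$outfile"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Usage (needs capture privileges on the interface; names are assumed):
#   capture_until eth0 'GET /login' hit.pcapng
```

The returned packet is printed as tshark's one-line summary and, when a file name is given, also stored in that capture file for later inspection.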