Wireshark mailing list archives

Re: Packet List 'Info' column


From: Nicole Powell <mznikkip () hotmail com>
Date: Thu, 29 Oct 2009 11:06:32 -0400


I got it to work with

tshark -r your_capture_file.pcap  -o column.format:"Info","%i" > output.txt
 

Thanks!


From the desk of Nicole  A. Powell.....
 





Date: Thu, 29 Oct 2009 15:27:03 +0100
From: j.snelders () telfort nl
To: wireshark-users () wireshark org
Subject: Re: [Wireshark-users] Packet List 'Info' column

Hi Nicole,

You can use TShark: http://www.wireshark.org/docs/man-pages/tshark.html

Use the option -o <preference setting> 
"No.","%m" = frame number
"Info","%i" = info column

$ tshark -r test.pcap -o column.format:'"No.","%m","Info","%i"' > info.txt
  1 Standard query A www.google.co.uk
  2 Standard query response CNAME www.google.com CNAME www.l.google.com A
74.125.77.147 A 74.125.77.99 A 74.125.77.103 A 74.125.77.104
  3 1685 > 80 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
  4 80 > 1685 [SYN, ACK] Seq=0 Ack=1 Win=5720 Len=0 MSS=1460
  5 1685 > 80 [ACK] Seq=1 Ack=1 Win=65535 Len=0
  6 GET / HTTP/1.1
  7 80 > 1685 [ACK] Seq=1 Ack=314 Win=6432 Len=0
  8 [TCP Previous segment lost] Continuation or non-HTTP traffic
  9 [TCP Dup ACK 6#1] 1685 > 80 [ACK] Seq=314 Ack=1 Win=65535 Len=0 SLE=204
SRE=1634
 10 Continuation or non-HTTP traffic

HTH
Joan

On Thu, 29 Oct 2009 08:07:01 -0400 Nicole Powell wrote:
Subject: [Wireshark-users] Packet List 'Info' column

Is there a way to export the columns of the packet list pane (namely the
'info' column) into a txt or csv file?



       


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
                                          
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread: