How to convert Port Numbers with using -e option

[Berkay Celik <argusflow () gmail com>]

Dear List,
i'm simply using
tshark -r botnet.pcap -T fields -E separator=';' -e ip.src -e 
tcp.srcport -e ip.dst -e tcp.dstport '(tcp.flags.syn == 1 and 
tcp.flags.ack == 0)'

to see the all initiated "legal TCP" connections.  However, i need the 
destination port number conversion to "http" "netbios" etc.

i'm not using -n option, but still i get:
128.3.45.128;62259;208.233.189.150;80
This is what i'm trying to get:
128.3.45.128;62259;208.233.189.150;http
or
128.3.45.128;62259;208.233.189.150;80;http
is better option for me.

Thanks for the help,

Berkey



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe