Wireshark mailing list archives

tshark export “Frame Check Sequence” field


From: jem last <jlast20 () gmail com>
Date: Thu, 3 Jun 2010 22:34:32 +0100

Hi,

I have a trace that carries information that I need to process in the
Ethernet II Subtree, that are the “Trailer” and the “Frame Check Sequence”
fields.

When using “tshark” to export to a CSV file, I’m able to export all
the additional data I need, but of the two fields indicated before, only
“Trailer” is possible to export because it’s the only one that can be
characterized by a filter (“eth.trailer”). For the “Frame Check Sequence”
there is no filter available and so there is no possibility to identify the
tshark option “-e” with it.

The tshark options I’m using, where the “Frame Check Sequence” is missing
because of the filter impossibility, are the following:

tshark -r http_testfile.pcap -T fields -e frame.number -e frame.date -e
frame.time -e frame.time_delta -e frame.len -e vlan.id -e ip.proto -e ip.src
-e ip.dst -e ip.dsfield -e ip.dsfield.dscp -e ip.flags -e ip.frag_offset -e
ip.ttl -e ip.len -e tcp.stream -e tcp.srcport -e tcp.dstport -e tcp.seq -e
tcp.hdr_len -e tcp.ack -e tcp.window_size -e tcp.analysis.ack_rtt -e
tcp.analysis.acks_frame -e tcp.analysis.lost_segment -e data.len -e
tcp.flags -e tcp.options.mss_val -e eth.trailer -E header=y -E separator=";"
> http_testfile.csv

There is an option where tshark exports the “Frame Check Sequence”, but this
is a PDML file with all the packets’ extended information, so I need to create
a parser to remove the packet number and the corresponding “Frame Check
Sequence” to be able to correlate it with the previous CSV file, and
include a new column with the “Frame Check Sequence” values.

tshark -r http_testfile.pcap -T pdml > http_testfile.txt

Output example:

<field name="" show="Frame check sequence: 0x1b6e5da0(…)>

Do you know any way to collect the “Frame Check Sequence” field to a CSV
file?

Thanks in advance.

Pedro
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
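
The PDML-to-CSV correlation described in the message above, as an added example that is not part of the original post or of Wireshark: it reads `frame.number` and the nameless “Frame check sequence” field from PDML and appends the value as a new column to the `;`-separated CSV. The sample PDML and CSV, the `fcs` column name and both function names are constructed for illustration.

```python
import csv
import io
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like `tshark -T pdml` output (not a real trace).
SAMPLE_PDML = """<pdml>
<packet>
 <proto name="frame"><field name="frame.number" show="1"/></proto>
 <proto name="eth">
  <field name="" show="Frame check sequence: 0x1b6e5da0 [correct]"/>
 </proto>
</packet>
<packet>
 <proto name="frame"><field name="frame.number" show="2"/></proto>
 <proto name="eth"><field name="eth.type" show="0x0800"/></proto>
</packet>
</pdml>"""
# Constructed sample of the ';'-separated CSV written by `-T fields`.
SAMPLE_CSV = "frame.number;frame.len;eth.trailer\n1;64;00:00\n2;60;\n"
FCS_RE = re.compile(r"Frame check sequence:\s*(0x[0-9a-fA-F]+)")

def fcs_by_frame(pdml_source):
    """Map frame.number -> FCS hex string, handling one <packet> at a time."""
    result = {}
    for _, packet in ET.iterparse(pdml_source, events=("end",)):
        if packet.tag != "packet":
            continue
        number = packet.find(".//field[@name='frame.number']")
        hits = (FCS_RE.match(f.get("show", "")) for f in packet.iter("field"))
        match = next((m for m in hits if m), None)
        if number is not None and match:
            result[number.get("show")] = match.group(1)
        packet.clear()  # release the subtree so large captures stay cheap
    return result

def add_fcs_column(csv_text, fcs_map, sep=";"):
    """Return the CSV with an extra 'fcs' column; empty when a frame has none."""
    rows = list(csv.reader(io.StringIO(csv_text), delimiter=sep))
    key = rows[0].index("frame.number")
    out = io.StringIO()
    writer = csv.writer(out, delimiter=sep, lineterminator="\n")
    writer.writerow(rows[0] + ["fcs"])
    for row in rows[1:]:
        writer.writerow(row + [fcs_map.get(row[key], "")])
    return out.getvalue()

if __name__ == "__main__":
    print(add_fcs_column(SAMPLE_CSV, fcs_by_frame(io.StringIO(SAMPLE_PDML))), end="")
```

For real files, pass an open PDML file (or its path) to `fcs_by_frame` and the CSV file's text to `add_fcs_column`.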