Re: Help with tshark display filter

["Boonie" <newsboonie () gmail com>]

David,

Can you provide us with a PCAP that contains a few of these packets?

Dave

  ----- Original Message ----- 
  From: Starr, David 
  To: wireshark-users () wireshark org 
  Sent: Tuesday, March 09, 2010 4:33 PM
  Subject: [Wireshark-users] Help with tshark display filter


   

  I need to scan through several hundred capture files and pull out all of the 9 character ID's on certain request 
packets.

   

  I'm using the following tshark command:  tshark -r cfile0001.cap -R "data contains NETN" -Tfields -edata

   

  However, I cannot find a way in tshark to get this to output as text, only as a byte array.  I've tried 
-edata-text-lines, and various other things from the tshark man page, but so far no luck.   I just need to display the 
data as ascii text...

   

  Ideally, I would like to extract the ID's that are at a fixed byte offset..  I tried -edata[66:9] but this displayed 
only blank lines....

   

  Any help would be much appreciated!

   

   

  David

   

   



------------------------------------------------------------------------------


  ___________________________________________________________________________
  Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
  Archives:    http://www.wireshark.org/lists/wireshark-users
  Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
               mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe