Wireshark mailing list archives
Reporting with Wireshark
From: "Abel, Jacob" <jabel () msconsultants com>
Date: Mon, 11 Jul 2011 15:07:40 -0400
Hello all,

I'm using Wireshark to dump out capture files at regular intervals. I'm going to merge the in and out traffic together with mergecap and then I want to process the data with tshark. I only need basic information, but the PSML format doesn't provide quite enough. I need port numbers in addition to that basically. I've been trying to sort of emulate the PSML output, but need help with the filters. There are way too many and searching doesn't really help.

This is what I have so far:

    tshark -r test.pcap -T fields -E header=y -e ip.src -e ip.dst -e udp.port -e tcp.port -e frame.len > test.txt

In addition to this information, I need the time (seconds, hh:mm:ss, doesn't matter) and the protocol, for starters. It would also be nice to see the info field as well, if it exists.

Thanks in advance,
Jacob