Wireshark mailing list archives

Re: Reporting with Wireshark


From: "j.snelders" <j.snelders () telfort nl>
Date: Wed, 13 Jul 2011 21:52:35 +0200


Hi Jacob,

-T fields
$ tshark -r test.pcap -R "frame.number<40" -T fields -e frame.number -e frame.time \
    -e frame.time_delta -e frame.time_delta_displayed -e frame.time_relative \
    -E header=y

You can use -o column.format to print other columns:
$ tshark -r test.pcap -R "frame.number<40" \
    -o 'column.format:"No.","%m","Time","%t","Time","%Yt","Time","%Tt","Time","%Rt","Source","%s","Destination","%d","Protocol","%p","tcp.port","%Cus:tcp.port","udp.port","%Cus:udp.port","Len","%L","Info","%i"' \
    -T psml

For time formats take a look at:
http://anonsvn.wireshark.org/wireshark/trunk/epan/column.c
"%Yt",          /* 1) COL_ABS_DATE_TIME */
"%At",          /* 2) COL_ABS_TIME */

"%Tt",          /* 11) COL_DELTA_TIME */
"%dct",         /* 12) COL_DELTA_CONV_TIME */
"%Gt",          /* 13) COL_DELTA_TIME_DIS */

"%Rt",          /* 49) COL_REL_TIME */
"%rct",         /* 50) COL_REL_CONV_TIME */

"%t",           /* 58) COL_CLS_TIME */

Hope this helps
Joke


On Mon, 11 Jul 2011 15:07:40 -0400 Abel, Jacob wrote:
Hello all,



I'm using Wireshark to dump out capture files at regular intervals. I'm
going to merge the in and out traffic together with mergecap and then I
want to process the data with tshark. I only need basic information, but
the PSML format doesn't provide quite enough. I need port numbers in
addition to that basically. I've been trying to sort of emulate the PSML
output, but need help with the filters. There are way too many and
searching doesn't really help. This is what I have so far:



tshark -r test.pcap -T fields -E header=y -e ip.src -e ip.dst -e udp.port -e tcp.port -e frame.len > test.txt



In addition to this information, I need the time (seconds, hh:mm:ss,
doesn't matter) and the protocol, for starters. It would also be nice to
see the info field as well, if it exists.



Thanks in advance,

Jacob
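
An added example, not part of either post: one way to post-process the tab-separated output of `tshark -r test.pcap -T fields -E header=y -e frame.time_relative -e ip.src -e ip.dst -e udp.port -e tcp.port -e frame.len` into a per-flow report. The sample rows are constructed, and labelling the protocol from whichever port column is filled is an assumption of this example, not tshark's own Protocol column.

```python
import csv
import io

# Constructed sample output (tab-separated, header row from -E header=y); not real traffic.
SAMPLE = (
    "frame.time_relative\tip.src\tip.dst\tudp.port\ttcp.port\tframe.len\n"
    "0.000000\t192.0.2.10\t198.51.100.5\t\t51234,443\t74\n"
    "0.000412\t198.51.100.5\t192.0.2.10\t\t443,51234\t74\n"
    "0.120034\t192.0.2.10\t192.0.2.53\t40000,53\t\t82\n"
    "0.500000\t\t\t\t\t42\n"  # non-IP frame: address and port columns are empty
    "1.250000\t192.0.2.10\t198.51.100.5\t\t51234,443\t1514\n"
)


def parse_rows(text):
    """Yield one dict per packet from `-T fields -E header=y` output."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        proto, sport, dport = "other", None, None
        for name in ("tcp", "udp"):
            ports = row[name + ".port"]
            if ports:
                # Both occurrences (source, destination) share one column, joined by ","
                sport, dport = (int(p) for p in ports.split(",")[:2])
                proto = name
                break
        yield {
            "time": float(row["frame.time_relative"]),
            "proto": proto,
            "src": (row["ip.src"], sport),
            "dst": (row["ip.dst"], dport),
            "len": int(row["frame.len"]),
        }


def flow_report(text):
    """Return {(proto, src, dst): [packets, bytes, first_seen, last_seen]}."""
    flows = {}
    for pkt in parse_rows(text):
        key = (pkt["proto"], pkt["src"], pkt["dst"])
        entry = flows.setdefault(key, [0, 0, pkt["time"], pkt["time"]])
        entry[0] += 1
        entry[1] += pkt["len"]
        entry[3] = pkt["time"]
    return flows


if __name__ == "__main__":
    for (proto, src, dst), (n, size, first, last) in flow_report(SAMPLE).items():
        print(f"{proto:5} {src} -> {dst} packets={n} bytes={size} {first:.3f}-{last:.3f}s")
```

Each direction of a conversation is reported as its own flow, since the key keeps source and destination in the order tshark printed them.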


       

