Wireshark mailing list archives

Re: tshark display filter / info

From: "j.snelders" <j.snelders () telfort nl>
Date: Sun, 30 Oct 2011 19:04:55 +0100

Hi Stuart,

The Info column is not a filterable field.

But Network Monitor can do the trick:
http://www.lovemytool.com/blog/2011/03/microsoft-network-monitor-34-search-the-description-column-by-joke-snelders.html


My best
joke

On Sun, 30 Oct 2011 10:38:41 -0700 Stuart Kendrick wrote:

How do I persuade tshark to display what Wireshark calls the 'Info' or 'Information'
column?

This shows up by default (in this case, as the text beginning with 'SSH...'
or 'TCP...')

guru> tshark -r server.pcap | more
 1   0.000000 10.12.5.123 -> 10.12.18.116 SSH Encrypted response packet
len=68
 2   0.010257 10.12.18.116 -> 10.12.5.123 TCP 49280 > ssh [ACK] Seq=1 Ack=69
Win=255 Len=0
 3   0.260510 10.12.5.123 -> 10.12.18.116 SSH Encrypted response packet
len=52

But when I specify fields:
tshark -r server.pcap -T fields -e frame.number -e ip.src -e ip.dst -e info

What string identifies the 'Info' column?  Clearly not 'info' or 'information'
...

--sk

Stuart Kendrick
FHCRC



       


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

tshark display filter / info Stuart Kendrick (Oct 30)
- Re: tshark display filter / info j.snelders (Oct 30)
  - Re: tshark display filter / info Chris Maynard (Oct 31)
- Re: tshark display filter / info Stephen Fisher (Oct 31)