Re: [Wireshark-dev] For TShark, provide a way to control the output format. E.g., 'tshark -e "ip udp tcp.port"' would expand the IP and UDP sections, and display the TCP port information.

[Chris Maynard <Chris.Maynard () gtech com>]

Guy Harris <guy@...> writes:

> On Sep 13, 2011, at 4:05 PM, Yee Man Bergstrom wrote:
>
> > From http://wiki.wireshark.org/WishList
> > For TShark, provide a way to control the output format. E.g., 'tshark -e "ip
udp tcp.port"' would expand
> the IP and UDP sections, and display the TCP port information.
> >  
> > This is already done in trunk as of revision 38990 unless I am missing
something.
> >  
> > You can perform the above scenario with
> > Ø  tshark –T fields –e ip –e udp –e tcp.port
>
> Well, not exactly.  The wish list request was for "-T text" (which is the
default), not "-T fields". 
> Expanding the IP and UDP sections can be done in that format with -O, but
partially expanding the TCP
> section to show only the port can't be done that way.

But the -e option isn't valid without -T fields, so that implies that -T fields
was erroneously omitted in the wish list request, does it not?

Regardless, it's not currently possible to simultaneously specify -V -O
<protocol list> along with -T fields -e <field>.  The inclusion of -T fields -e
<field> overrides the -V -O <protocol list> options.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe