Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] Parse fields from packets

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Jeroen Eeuwes" <jeroeneeuwes@xxxxxxxxx>
Date: Sat, 7 Jul 2007 08:00:21 +0200

Hi Jason,


Notice the space before the pipe... I'd really like to be able to do
this.  Any idea if this is possible?


I'm not sure why you'd want that, But if you use a character which
won't be in your field (for example tab) you can pipe it through sed
(or awk, or perl, or ..) to change it into the seperator you want.
E.g.

tshark -i eth0 -l -V port 80 -E separator='/t' -e http.host -e
http.request.uri -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport
-Tfields | sed "s/\t/ |/g"

Best regards,
Jeroen
  • References:
    • Re: [Wireshark-users] Parse fields from packets
      • From: Jason Bush
  • Prev by Date: Re: [Wireshark-users] Parse fields from packets
  • Next by Date: Re: [Wireshark-users] SSL Decrypt
  • Previous by thread: Re: [Wireshark-users] Parse fields from packets
  • Next by thread: [Wireshark-users] I can't capture any WiMAX messages with Wireshark
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation