Wireshark · Wireshark-users: Re: [Wireshark-users] Parse fields from packets

["Jeroen Eeuwes" <jeroeneeuwes@xxxxxxxxx>]

Hi Jason,

> Notice the space before the pipe... I'd really like to be able to do
> this.  Any idea if this is possible?

I'm not sure why you'd want that, But if you use a character which
won't be in your field (for example tab) you can pipe it through sed
(or awk, or perl, or ..) to change it into the seperator you want.
E.g.

tshark -i eth0 -l -V port 80 -E separator='/t' -e http.host -e
http.request.uri -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport
-Tfields | sed "s/\t/ |/g"

Best regards,
Jeroen