
Wireshark-users: Re: [Wireshark-users] Filtering / Exporting Fields of a Protocol



From: Sake Blok <sake@xxxxxxxxxx>
Date: Sun, 4 May 2008 12:08:50 +0200

On Fri, May 02, 2008 at 01:19:00PM -0700, Barry Constantine wrote:
> 
> Right now, I do basic packet filtering at the command line tshark and
> output to plain text file.  Then I wrote a simple perl script to further
> filter out the fields of interest.

Have you taken a look at the "-T fields" output format of tshark?

From "tshark -h":

-T pdml|ps|psml|text|fields
                         format of text output (def: text)
-e <field>               field to print if -Tfields selected (e.g. tcp.port);
                         this option can be repeated to print multiple fields
-E<fieldsoption>=<value> set options for output when -Tfields selected:
  header=y|n             switch headers on and off
  separator=/t|/s|<char> select tab, space, printable character as separator
  quote=d|s|n            select double, single, no quotes for values

Cheers,
    Sake
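
Added example, not part of the original message: a shell sketch of the "-T fields" approach that replaces the text-output-plus-perl step, then counts (source address, destination port) pairs. The field names ip.src and tcp.dstport, the PCAP variable, the function names and the sample rows are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: helper names, field choices and sample rows are assumptions.

# Run tshark with -T fields: one line per packet, tab-separated, header row on.
# Usage: extract_fields capture.pcap 'display filter' field [field...]
# -Y is the display-filter option (older tshark releases spelled it -R).
extract_fields() {
    ef_pcap=$1; ef_filter=$2; shift 2
    ef_n=$#
    # Append "-e <field>" for every requested field, then drop the originals.
    for ef_f in "$@"; do set -- "$@" -e "$ef_f"; done
    shift "$ef_n"
    tshark -r "$ef_pcap" -Y "$ef_filter" -T fields "$@" \
        -E header=y -E separator=/t -E quote=n
}

# Read two-column -T fields output on stdin, skip the header row and rows
# whose first field is empty (a field absent from a packet prints as an empty
# column), and print "count<TAB>src<TAB>dstport", most frequent first.
count_pairs() {
    awk -F '\t' 'NR > 1 && $1 != "" { n[$1 "\t" $2]++ }
                 END { for (k in n) printf "%d\t%s\n", n[k], k }' |
        LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Constructed sample of what extract_fields emits (documentation addresses).
sample_output() {
    printf 'ip.src\ttcp.dstport\n'
    printf '192.0.2.10\t443\n'
    printf '192.0.2.10\t443\n'
    printf '198.51.100.7\t22\n'
    printf '192.0.2.10\t80\n'
    printf '\t443\n'   # packet without an ip.src value (e.g. IPv6)
}

# Live run only when PCAP names a readable capture and tshark is installed.
if [ -n "${PCAP:-}" ] && [ -r "$PCAP" ] && command -v tshark >/dev/null 2>&1; then
    extract_fields "$PCAP" tcp ip.src tcp.dstport | count_pairs
fi
```

Without a capture file, `sample_output | count_pairs` exercises the counting step on the constructed rows.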
