Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] How to read Read specific sub-fields in Tshark??

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Fri, 8 Aug 2008 12:55:56 +0400

Try
tshark.exe -r filename -Tfields -e frame.number -e frame.time

Manpage for more help :-)

Best regards,
Abhik

On Fri, Aug 8, 2008 at 12:45 PM, Sumant Gupta <sumant.gupta@xxxxxxxxxxx> wrote:
> Hi
>
>
>
> I am viewing the wireshark traces using tshark and then redirecting in text
> file
>
> The syntax is :
>
>
>
> Tshark.exe –r filename –V
>
> Using this all data is displayed in text format and then I redirect the
> output to text file.
>
> The Problem is how to read specific fields in these traces .
>
> Eg:
>
> In Frame field there are many sub-fields but I want to read the arrival time
> sub field and not other fields??
>
> Frame 1 (259 bytes on wire, 259 bytes captured)
>
>     Arrival Time: Jul  2, 2008 05:32:29.693651000
>
>     [Time delta from previous captured frame: 0.000000000 seconds]
>
>     [Time delta from previous displayed frame: 0.000000000 seconds]
>
>     [Time since reference or first frame: 0.000000000 seconds]
>
>     Frame Number: 1
>
>     Frame Length: 259 bytes
>
>     Capture Length: 259 bytes
>
>     [Frame is marked: False]
>
>     [Protocols in frame: eth:ip:udp:megaco]
>
> Ethernet II,
>
>
>
> Please help
>
>
>
>
>
> Sumant Gupta
>
> Software Engineer
>
> Ext:5105
>
>
>
> ________________________________
> "DISCLAIMER: This message is proprietary to Aricent and is intended solely
> for the use of the individual to whom it is addressed. It may contain
> privileged or confidential information and should not be circulated or used
> for any purpose other than for what it is intended. If you have received
> this message in error,please notify the originator immediately. If you are
> not the intended recipient, you are notified that you are strictly
> prohibited from using, copying, altering, or disclosing the contents of this
> message. Aricent accepts no responsibility forloss or damage arising from
> the use of the information transmitted by this email including damage from
> virus."
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>
  • References:
    • [Wireshark-users] How to read Read specific sub-fields in Tshark??
      • From: Sumant Gupta
  • Prev by Date: [Wireshark-users] How to read Read specific sub-fields in Tshark??
  • Next by Date: Re: [Wireshark-users] Identifying application
  • Previous by thread: [Wireshark-users] How to read Read specific sub-fields in Tshark??
  • Next by thread: [Wireshark-users] Unhandled exception (group=1, code=6), tshark with -e and -T parameters
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation