
Wireshark-users: Re: [Wireshark-users] Wireshark GUI in tshark

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Thu, 25 Sep 2008 21:37:12 +0200
If what you want is to have some trees collapsed that is not
possible... and since that would involve a serious re-engineering of
the core functionality I do not think that will be possible for a
while.

grep, sed and awk are your friends, so are perl and python...


On Thu, Sep 25, 2008 at 9:04 PM, Felipe Carlo <felipe.cts1@xxxxxxxxx> wrote:
> Hello,
>
> One question, I want to export as plain text file as displayed (option in
> export > as plain text > as displayed in wireshark) in tshark but I can only
> export in expanded mode, any suggestion???
>
> Thanks a lot for all !!!
>
> Best regards!
>
>
> 2008/9/25 NADEZHDA PLOTNIKOVA <nadek@xxxxxxxxxxxxxx>
>>
>> Thank you a lot !! I've found some useful options in tshark doc
>> already (and came over with the "partially satisfying" comm line) but real
>> life expertise is much more appreciated and valuable! I used new developer's
>> version of WireShark 1.1.0 and it took me 15 minutes to convert the cap
>> file to a text format! that's why I have switched to tshark; also it is much
>> more convenient to use tshark in overnight tests...which I am currently to
>> write:)
>> Will continue using tshark!!!
>> --- On Wed, 24/9/08, j.snelders@xxxxxxxxxx <j.snelders@xxxxxxxxxx> wrote:
>>
>> From: j.snelders@xxxxxxxxxx <j.snelders@xxxxxxxxxx>
>> Subject: Re: [Wireshark-users] Wireshark GUI in tshark
>> To: wireshark-users@xxxxxxxxxxxxx
>> Date: Wednesday, 24 September, 2008, 8:58 PM
>>
>> On Tue, 23 Sep 2008 17:30:59 +0000 (GMT) NADEZHDA PLOTNIKOVA wrote:
>>
>> > I would like to use tshark for my data capturing but so far used
>> > Wireshark GUI only.
>> > so I need some advice on how to do the following (to start with, then
>> > I'll get the idea).
>> > Basically I need the script for the following:
>> > WireShark->Capture->Options
>> >    Capture---
>> >    Interface ? ethXX
>> >    Link layer ? Ethernet
>> >    Capture files----
>> >    the directory and file name to put data in
>> > Stop capture----> 	 After 20 sec
>> > Next is to press start;
>>
>> Use tshark -D to print a list of interfaces
>> $ tshark -D
>> 1. \Device\NPF_GenericDialupAdapter (Adapter for generic dialup and VPN capture)
>> 2. \Device\NPF_{059B8888-3D72-4D13-8BC4-7686E3569DDB} (Broadcom NetXtreme Gigabit Ethernet Driver (Microsoft's Packet Scheduler) )
>> 3. \Device\NPF_{96F446AD-9709-45DA-95C6-1B92778311A5} (VMware Virtual Ethernet Adapter)
>> 4. \Device\NPF_{CAA815AD-EB16-4186-8C1B-A04E324963AD} (VMware Virtual Ethernet Adapter)
>>
>> $ tshark -i 2 -a duration:20 -w file.cap
>> -i 2 = select interface
>> -a duration:20 = stop after 20 seconds
>> -w file.cap = set the output filename
>>
>>
>> > Then my workload finished and I need to press stop button on main panel
>> > on WireShark
>> > After that I need to convert file (or, if tshark supports text output -
>> > that'd be fine!):
>> > WS->File->Export
>> >    Browse and define NEW file name a-la oldFile.txt
>> >    Packet range---
>> >    All packets
>> >    Packet format----
>> >    Summary line ON
>> >    Packet details ON
>> >    As displayed or expanded
>> >    Packet bytes ON
>>
>> $ tshark -r file.cap > file.txt
>> $ tshark -r file.cap -T text > file.txt
>> Output: summary lines
>>
>> $ tshark -r file.cap -T text -V > file.txt
>> Output: packet details
>>
>> $ tshark -r file.cap -T text -x > file.txt
>> Output: summary lines and packet bytes
>>
>> $ tshark -r file.cap -T text -Vx > file.txt
>> Output: packet details and packet bytes
>>
>> It's a bit strange. There are various ways to print the summary lines.
>> You can use the options -V and -x to add output of the packet details and
>> bytes.
>> In case of *-T text -x* the summary lines are printed.
>> In case of *-T text -Vx* the summary lines are not printed.
>>
>> BTW I'm on version TShark 1.0.3 (SVN Rev 26134)
>>
>> HTH
>> Joan
>>
>>
>>
>>
>> _______________________________________________
>> Wireshark-users mailing list
>> Wireshark-users@xxxxxxxxxxxxx
>> https://wireshark.org/mailman/listinfo/wireshark-users
>>
>>
>
>
>
> --
> Felipe Carlo Trepichio dos Santos
>
>
>



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
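
The awk post-processing suggested in the reply at the top of this thread, as an added example that is not part of the original messages: it trims `tshark -V` output to a fixed tree depth, which approximates a collapsed view but does not reproduce the GUI's per-tree "as displayed" state. The function names are hypothetical, the sample text is constructed, and the four-space indent per tree level is an assumption about tshark's text layout.

```shell
#!/bin/sh
# Added example: collapse `tshark -V` packet-detail text to a fixed tree depth.
# Assumption: each tree level is indented by four spaces in tshark's text output.

# collapse_details DEPTH
#   stdin : packet details as printed by `tshark -r file.cap -V`
#   stdout: only the lines nested at most DEPTH levels deep
#           (0 = one line per protocol layer, 1 = plus first-level fields, ...)
collapse_details() {
    awk -v depth="${1:-0}" '
    {
        n = 0                                    # count leading spaces
        while (substr($0, n + 1, 1) == " ") n++
        if (n / 4 <= depth) print                # blank lines (n = 0) pass through
    }'
}

# Constructed sample in the layout of `tshark -V` output (not a real capture).
sample_details() {
    cat <<'EOF'
Frame 1 (74 bytes on wire, 74 bytes captured)
    Frame Number: 1
    Packet Length: 74 bytes
Ethernet II, Src: 00:11:22:33:44:55, Dst: 66:77:88:99:aa:bb
    Type: IP (0x0800)
Internet Protocol, Src: 192.0.2.1, Dst: 192.0.2.2
    Version: 4
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
EOF
}

# Usage with a real capture file:
#   tshark -r file.cap -V | collapse_details 1 > file.txt
```
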