On Sun, 16 Nov 2008 02:44:07 -0800 (PST) Maryam Homayouni wrote:
>Hi Joan,
>thank you for your response, I have some more questions on your command,
>1 Is "-r *.cap" necessary
No, only when you want to use an inputfile.
>or I can capture or display online traffic?
You can use -w or > to set an output filename.
If you do not define an output filename, the output is send to the screen.
>2 If for xample I need to log SIP traffic, can I use the options exist in
>this column.c
>file or I must add some things more? I mean isn't there any need to use
-T
>or -e options to log for example specific sip packet's field which I am
>interested in?
I thought you were only looking for frame number and (delta)time.
Does the following suit your needs?
Sample capture: sip_dtmf2.cap
http://wiki.wireshark.org/SampleCaptures#head-6f6128a524888c86ee322aa7cbf0d7b7a8fdf353
$ tshark -r sip_dtmf2.cap -R sip.display.info -T fields -e frame.number -e
frame.time_delta -e sip.display.info -E header=y
frame.number frame.time_delta sip.display.info
1 0.000000000 \"2503\"
2 0.000639000 2503
3 0.031547000 \"2503\"
4 9.968255000 \"2502\"
5 0.001292000 2502
6 0.031611000 \"2502\"
7 25.969412000 2502
8 0.000434000 2502
9 0.016668000 2502
10 0.004848000 2502
11 3.978279000 \"2504\"
12 0.000491000 2504
<snip>
For a live capture:
$ tshark -i 2 -R "sip.display.info" -T fields -e frame.number -e frame.time_delta
-e sip.display.info -E header=y
frame.number frame.time_delta sip.display.info
>3 and finally it does not seed that I can write the fields' names beside
>values? I mean you log some parameters and set their place in your output
>file, but can I write my desired field name for each of parameters logged?
AFAIK you can only use the option -E header=y|n, when -T fields are selected.
HTH
Joan
