Wireshark-users: Re: [Wireshark-users] Export files with delimiters

From: j.snelders@xxxxxxxxxx
Date: Wed, 4 Feb 2009 17:13:13 +0100

Hi

Or you can use TShark.
Use the option -T fields -e ... to select the fields.

Use the option -E separator=' ' to set a separator:
/t = tab
/s = space
or other characters

$ tshark -r test.cap -T fields -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport
-E separator=':' > test.txt

$ cat test.txt | head -n 3
192.168.1.5:81.23.231.151:1527:80
81.23.231.151:192.168.1.5:80:1527
192.168.1.5:81.23.231.151:1527:80

$ tshark -r test.cap -T fields -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport
-E separator='/t' > test.txt

$ cat test.txt | head -n3
192.168.1.5     81.23.231.151   1527    80
81.23.231.151   192.168.1.5     80      1527
192.168.1.5     81.23.231.151   1527    80

You'll find more info at the man pages:
http://www.wireshark.org/docs/man-pages/tshark.html

HTH
Joan


On Wed, 04 Feb 2009 07:00:15 +0100 Jaap Keuter wrote:
>Hi,
>
>What's wrong with export as CSV ?
>
>Thanx,
>Jaap
>
>rkruz@xxxxxxx wrote:
>> Is there a way to export files or "save as" as a simple text file with
>delimiters for each column? Currently there are only spaces between columns.
>I want to export the time data to a spreadsheet to perform analysis. I have
>tried all the export and save as options with no luck.
>> thanks for any tips
>
>___________________________________________________________________________
>Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>Archives:    http://www.wireshark.org/lists/wireshark-users
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe