Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 5673] New: Add Info Column output option when using -T fie

Date: Wed, 9 Feb 2011 10:33:32 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5673

           Summary: Add Info Column output option when using -T fields to
                    export packet data
           Product: Wireshark
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jcox@xxxxxxxxxxxxxxxxx


Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Currently I run a regular process that looks like this:

tshark -nr $1 -T fields -E separator=/t -e frame.time -e frame.protocols -e
ip.src -e tcp.srcport -e udp.srcport -e ip.dst -e tcp.dstport -e udp.dstport -e
eth.src -e ip.flags -e tcp.flags -e frame.len -e arp.duplicate-address-detected
-e tcp.stream -e ip.proto > output.txt

I read a Pcap file in, and dump relevant information out into a tab delimited
text file, which is then imported into a MySQL database.  I would really like
to export the Info Column data.  After reading and searching the email lists,
Iv noticed there is no way to do this when using the -T fields option.  I have
also noticed that several others would like to do this as well.  

Could we possibly add a -e frame.info (or) -e expert.info (or) -e
wireshark.info that exports the COL_INFO var in the -T fields mode.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.