Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Wireshark filter list

From: Sake Blok <sake@xxxxxxxxxx>
Date: Wed, 2 Mar 2011 08:29:59 +0100
On 1 mrt 2011, at 23:52, Gilsinn, James D. wrote:

> I’m trying to find out if there’s a file somewhere that lists all of the available Wireshark filters?  I’m developing an application that uses TShark to filter capture files based on certain criteria and returns with PSML files that can be read and used for additional analysis.  Since I’m using TShark in a hands-off approach on Windows, I’d like to be able to do some syntax checking of the filter before I start the TShark process to make sure that it doesn’t come back with an error simply because someone typed “fraem” instead of “frame”.  Is there a list of all the protocol filters available for use?
>  
> I’ve found the “wireshark-filter.html” file which lists all the protocols, but that would require some pretty complicated processing to parse the HTML.  What I’d like to see is a text or XML file that lists all of the capture/display filters in one file by themselves.  XML would probably be easier to parse, since some additional fields could be added without really affecting the ease of importing the data.

You can use tshark -G for this purpose:

sake@MacSake:~$ tshark -G fields | cut -f 3 | head
ieee1722
ieee1722.cdfield
ieee1722.subtype
ieee1722.svfield
ieee1722.verfield
ieee1722.mrfield
ieee1722.gvfield
ieee1722.tvfield
ieee1722.seqnum
ieee1722.tufield
sake@MacSake:~$ 

Hope this helps,
Cheers,


Sake