Wireshark · Wireshark-dev: Re: [Wireshark-dev] For TShark, provide a way to control the output format. E.g., 'tshark -e "ip udp

Wireshark-dev: Re: [Wireshark-dev] For TShark, provide a way to control the output format. E.g.

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 14 Sep 2011 23:56:33 -0700

On Sep 13, 2011, at 4:05 PM, Yee Man Bergstrom wrote:

> From http://wiki.wireshark.org/WishList
> For TShark, provide a way to control the output format. E.g., 'tshark -e "ip udp tcp.port"' would expand the IP and UDP sections, and display the TCP port information.
>  
> This is already done in trunk as of revision 38990 unless I am missing something.
>  
> You can perform the above scenario with
> Ø  tshark –T fields –e ip –e udp –e tcp.port

Well, not exactly.  The wish list request was for "-T text" (which is the default), not "-T fields".  Expanding the IP and UDP sections can be done in that format with -O, but partially expanding the TCP section to show only the port can't be done that way.

Follow-Ups:
- Re: [Wireshark-dev] For TShark, provide a way to control the output format. E.g., 'tshark -e "ip udp tcp.port"' would expand the IP and UDP sections, and display the TCP port information.
  - From: Chris Maynard

References:
- [Wireshark-dev] For TShark, provide a way to control the output format. E.g., 'tshark -e "ip udp tcp.port"' would expand the IP and UDP sections, and display the TCP port information.
  - From: Yee Man Bergstrom