Hi Scott,
> [...]
> However the exported data is just what is seen in the summary field and I am
> interested in listing all the fields from a Frame, Ethernet, IP header etc.
> I do not need the payload bytes.
>
> Can this be accomplished?
Yes, have a look at tshark, especially the following options:
-T pdml|ps|psml|text|fields
format of text output (def: text)
-e <field> field to print if -Tfields selected (e.g. tcp.port);
this option can be repeated to print multiple fields
-E<fieldsoption>=<value> set options for output when -Tfields selected:
header=y|n switch headers on and off
separator=/t|/s|<char> select tab, space, printable character as separator
quote=d|s|n select double, single, no quotes for values
> Thank you.
You're welcome :-)
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
> wireshark-users-request@xxxxxxxxxxxxx
> Sent: Thursday, September 06, 2007 02:34
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: Wireshark-users Digest, Vol 16, Issue 6
Please don't reply to other messages when you want to start a new
thread, it messes op threading in the archives. Please send a new
message to wireshark-users@xxxxxxxxxxxxx instead.
Thank you, :-)
Sake
