
Wireshark-users: Re: [Wireshark-users] wireshark extract specific field

From: "paritosh kulkarni" <paritosh26@xxxxxxxxx>
Date: Tue, 26 Aug 2008 17:48:07 +0100
Hi Joan,
 
Thanks for the typo mistakes... but still I get this error message.
I tried it without the flag fields and it works, but when I put the tcp.flags command it gives me the error.
 
Pari

 
On 8/25/08, j.snelders@xxxxxxxxxx <j.snelders@xxxxxxxxxx> wrote:
Hi Pari,

You used this command:
tshark -o column.format: ""No.", "Time", "%t", "Source", "%s", "Destination",
"%d", "Protocol", "%p", ""srcport", "%uS", "dstport", "%uD", "Len", "%L",
"tcp.flags.ack", "%Cust:tcp.flags.ack", "tcp.flags.syn", "%Cust:tcp.flags.syn""
-r scam13.cap | head > scam.csv

"No.", -> "No.", "%m" (missing "%m")
""srcport",  -> "srcport" (skip one ")
"%Cust:tcp.flags.ack", -> "%Cus:tcp.flags.ack", (Cus instead of Cust)
"%Cust:tcp.flags.syn", -> "%Cus:tcp.flags.syn", (Cus instead of Cust)

These typos were causing the error "Invalid -o flag "column.format"".

Like I mentioned before, the "tcp.flags" don't show the boolean value of
the tcp.flags (just "set" if the flags are present; it doesn't matter whether
the value is "0" or "1").

I've used this one:
tshark -o column.format:""No.", "%m", "Time", "%t", "Source", "%s", "Destination",
"%d", "Protocol", "%p", "srcport", "%uS", "dstport", "%uD", "len", "%L",
"tcp.flags.ack", "%Cus:tcp.flags.ack", "tcp.flags.syn", "%Cus:tcp.flags.syn""
-r <yourfile>.cap

It also works on Ubuntu ;-)

Grtz
Joan


On Thu, 21 Aug 2008 15:50:06 +0100 paritosh kulkarni wrote:
> Hi Joan,
> This is the command I tried even on Ubuntu Linux
>
> tshark -o column.format: ""No.", "Time", "%t", "Source", "%s", "Destination",
"%d", "Protocol", "%p", ""srcport", "%uS", "dstport", "%uD", "Len", "%L",
"tcp.flags.ack", "%Cust:tcp.flags.ack", "tcp.flags.syn", "%Cust:tcp.flags.syn""
-r scam13.cap | head > scam.csv
> tshark: Invalid -o flag "column.format:"

<snip>
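
Added example, not part of the original thread: a small POSIX shell check for the value given to `-o column.format:`, covering only the rules named in Joan's reply (title/format pairs, one pair of quotes per entry, `%Cus:` rather than `%Cust:`). The function name `lint_column_format` and the `BROKEN`/`FIXED` variables are hypothetical, and the check assumes titles and field names contain no commas.

```shell
#!/bin/sh
# Added example (not from the thread): lint the value passed to
# tshark's "-o column.format:" option against the rules Joan lists:
# entries are "Title", "%format" pairs, each entry has exactly one pair
# of quotes, and custom fields use %Cus:<field>, not %Cust:<field>.
# Assumption: titles and field names contain no commas.

lint_column_format() (
    bad=0 title= have_title=0
    IFS=,; set -f; set -- $1; set +f; unset IFS   # split on commas only
    for item in "$@"; do
        # Trim surrounding whitespace, then check the quoting.
        item=$(printf '%s' "$item" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if ! printf '%s\n' "$item" | grep -Eq '^"[^"]*"$'; then
            printf '%s\n' "bad quoting: $item"; bad=1
        fi
        item=$(printf '%s' "$item" | tr -d '"')
        case $item in
        %*)
            if [ "$have_title" -eq 0 ]; then
                printf '%s\n' "format without a title: $item"; bad=1
            fi
            case $item in
            %Cust:*) printf '%s\n' "use %Cus: instead of %Cust: in $item"; bad=1 ;;
            esac
            have_title=0 ;;
        *)
            if [ "$have_title" -eq 1 ]; then
                printf '%s\n' "title without a %format: $title"; bad=1
            fi
            title=$item have_title=1 ;;
        esac
    done
    if [ "$have_title" -eq 1 ]; then
        printf '%s\n' "title without a %format: $title"; bad=1
    fi
    [ "$bad" -eq 0 ]
)

# Constructed inputs: the two column lists quoted in the thread,
# without the outer pair of quotes that wraps them on the command line.
BROKEN='"No.", "Time", "%t", "Source", "%s", "Destination", "%d", "Protocol", "%p", ""srcport", "%uS", "dstport", "%uD", "Len", "%L", "tcp.flags.ack", "%Cust:tcp.flags.ack", "tcp.flags.syn", "%Cust:tcp.flags.syn"'
FIXED='"No.", "%m", "Time", "%t", "Source", "%s", "Destination", "%d", "Protocol", "%p", "srcport", "%uS", "dstport", "%uD", "len", "%L", "tcp.flags.ack", "%Cus:tcp.flags.ack", "tcp.flags.syn", "%Cus:tcp.flags.syn"'

lint_column_format "$BROKEN" || true
lint_column_format "$FIXED" && echo "fixed list: ok"
```

The function prints one line per problem and returns non-zero when it finds any, so it can gate a capture-processing script before tshark is invoked.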



