Wireshark-users: Re: [Wireshark-users] Wireshark GUI in tshark
From: "Felipe Carlo" <felipe.cts1@xxxxxxxxx>
Date: Thu, 25 Sep 2008 16:04:45 -0300
Hello,
One question, I want to export as plain text file as displayed (option in export > as plain text > as displayed in wireshark) in tshark but I just can export in expanded mode, any suggestion???
Thanks a lot for all !!!
Best regards!
--
Felipe Carlo Trepichio dos Santos
One question, I want to export as plain text file as displayed (option in export > as plain text > as displayed in wireshark) in tshark but I just can export in expanded mode, any suggestion???
Thanks a lot for all !!!
Best regards!
2008/9/25 NADEZHDA PLOTNIKOVA <nadek@xxxxxxxxxxxxxx>
Thank you a lot !! I've found some useful options in tshark doc already (and came over with the "partually satisfying" comm line) but a real life expertise is much more appreciated and valuable! I used new developer's version of WireShark 1.1.0 and it took me 15 minutes to convert the cap file to a text format! that's why I have switched to tshark; also it is much more convinient to use tshark in overnight tests...which I am currently to write:)
Will continue using tshark!!!
--- On Wed, 24/9/08, j.snelders@xxxxxxxxxx <j.snelders@xxxxxxxxxx> wrote:
From: j.snelders@xxxxxxxxxx <j.snelders@xxxxxxxxxx>
Subject: Re: [Wireshark-users] Wireshark GUI in tshark
To: wireshark-users@xxxxxxxxxxxxx
Date: Wednesday, 24 September, 2008, 8:58 PMOn Tue, 23 Sep 2008 17:30:59 +0000 (GMT) NADEZHDA PLOTNIKOVA wrote: > I would like to use tshark for my data capturing but so far used Wireshark GUI only. > so I need some advise on how to do the following (to start with, then I'll get the idea). > Basically i need the script for the following: > WireShark->Capture->Options > Capture--- > Interface ? ethXX > Link layer ? Ethernet > Capture files---- > the directory and file name to put data in > Stop capture----> After 20 sec > Next is to press start; Use tshark -D to print a list of interfaces $ tshark -D 1. \Device\NPF_GenericDialupAdapter (Adapter for generic dialup and VPN capture) 2. \Device\NPF_{059B8888-3D72-4D13-8BC4-7686E3569DDB} (Broadcom NetXtreme Gigabit Ethernet Driver (Microsoft's Packet Scheduler) ) 3. \Device\NPF_{96F446AD-9709-45DA-95C6-1B92778311A5} (VMware Virtual Ethernet Adapter) 4. \Device\NPF_{CAA815AD-EB16-4186-8C1B-A04E324963AD} (VMware Virtual Ethernet Adapter) $ tshark -i 2 -a duration:20 -w file.cap -i 2 = select interface -a duration:20 = stop after 20 seconds -w file.cap = set the output filename > Then my workload finished and I need to press stop button on main panel on WireShark > After that I need to convert file (or, if tshark supports text output - that'd be fine!): > WS->File->Export > Browse and define NEW file name a-la oldFile.txt > Packet range--- > All packets > Packet format---- > Summary lane ON > Packet details ON > As displayed or expanded > Packet bytes ON $ tshark -r file.cap > file.txt $ tshark -r file.cap -T text > file.txt Output: summary lines $ tshark -r file.cap -T text -V > file.txt Output: packet details $ tshark -r file.cap -T text -x > file.txt Output: summary lines and packet bytes $ tshark -r file.cap -T text -Vx > file.txt Output: packet details and packet bytes It's a bit strange. There are various ways to print the summary lines. You can use the options -V and -x to add output of the packet details and bytes. In case of *-T text -x* the summary lines are printed. In case of *-T text -Vx* the summary lines are not printed. BTW I'm on version TShark 1.0.3 (SVN Rev 26134) HTH Joan _______________________________________________ Wireshark-users mailing list Wireshark-users@xxxxxxxxxxxxx https://wireshark.org/mailman/listinfo/wireshark-users
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users
--
Felipe Carlo Trepichio dos Santos
- Follow-Ups:
- Re: [Wireshark-users] Wireshark GUI in tshark
- From: Luis EG Ontanon
- Re: [Wireshark-users] Wireshark GUI in tshark
- References:
- Re: [Wireshark-users] Wireshark GUI in tshark
- From: j . snelders
- Re: [Wireshark-users] Wireshark GUI in tshark
- From: NADEZHDA PLOTNIKOVA
- Re: [Wireshark-users] Wireshark GUI in tshark
- Prev by Date: Re: [Wireshark-users] Modbus Encapsulated Interface Transport
- Next by Date: Re: [Wireshark-users] Good tools for pcap summary info, etc.?
- Previous by thread: Re: [Wireshark-users] Wireshark GUI in tshark
- Next by thread: Re: [Wireshark-users] Wireshark GUI in tshark
- Index(es):
- Get Wireshark
- Download
- Code of Conduct