Wireshark · Wireshark-users: Re: [Wireshark-users] Print wireshark option from command

Wireshark-users: Re: [Wireshark-users] Print wireshark option from command

From: "Hashmat Khan" <hashmat.email@xxxxxxxxx>

Date: Tue, 16 Dec 2008 13:37:53 +0530

Thanks.
But how do I get this kind of output:
117.97.37.213         217.1.176.55          CLEARCASE 600      371       0x39de (14814)
117.97.37.213         202.56.250.5          DNS      2420     53        0x39df (14815)
117.97.37.213         255.255.255.255       DHCP     68       67        0x39e0 (14816)
117.97.37.213         202.56.250.6          DNS      2420     53        0x39e1 (14817)
117.97.37.213         202.56.250.5          DNS      2420     53        0x39e2 (14818)
117.97.37.213         202.56.250.5          DNS      2420     53        0x39e3 (14819)
117.97.37.213         202.56.250.6          DNS      2420     53        0x39e4 (14820)
117.97.37.213         255.255.255.255       DHCP     68       67        0x39e5 (14821)

I want to print any source ip followed by any dest ip followed by protocol type followed by src port, dest port and finally ip header identification. To start with I tried this:
tshark -e ip.src -e ip.dst -E separator=/s -T text -r my_dns.pcap

but it complained:
tshark: Output fields were specified with "-e", but "-Tfields" was not specified.

thanks,
Hashmat

On Mon, Dec 15, 2008 at 9:20 PM, Abhik Sarkar <sarkar.abhik@xxxxxxxxx> wrote:

I think what you are looking for is already available in the form of
tshark. Try "Help > Manual Pages > tshark".

On Mon, Dec 15, 2008 at 6:13 PM, Hashmat Khan <hashmat.email@xxxxxxxxx> wrote:
> Hi,
>
> In the interface under File, we have Print.
>
> I want to run this from command prompt something like this:
> wireshark.exe -PRINT print_format example.pcap -output filename
>
> where print_format would give the format that is the File:Print options
> which include packet range and packet format etc.
>
> thank you,
> Hashmat
>

> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Follow-Ups:
- Re: [Wireshark-users] Print wireshark option from command
  - From: Guy Harris
- Re: [Wireshark-users] Print wireshark option from command
  - From: Stephen Fisher

References:
- [Wireshark-users] Print wireshark option from command
  - From: Hashmat Khan
- Re: [Wireshark-users] Print wireshark option from command
  - From: Abhik Sarkar

Prev by Date: [Wireshark-users] bug #2953
Next by Date: Re: [Wireshark-users] Print wireshark option from command
Previous by thread: Re: [Wireshark-users] Print wireshark option from command
Next by thread: Re: [Wireshark-users] Print wireshark option from command
Index(es):
- Date
- Thread