Greetings to all,
I am writing a script for some packet processing and I would like to
use wireshark/tshark to identify the protocol. I need write source ip,
source port, destination ip, destination port, and the protocol
identification for every packet from the given pcap file. I though
about using tshar with -e parameter:
tshark -T fields -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e protocol
Unfortunatelly I was not able to wind the name of the field, that
contains the result of the protocol identification. I would be
gratefull If somebody could tell me the correct name of the field with
the information about recognised protocol.
Thank you very much
--
Jan Kastil
galloth@xxxxxxxxx
