Wireshark · Wireshark-users: [Wireshark-users] question, how to output specific fields in a complex packet using tshark command l

Wireshark-users: [Wireshark-users] question, how to output specific fields in a complex packet us

Date: Mon, 12 Jul 2010 16:37:17 +0800

发件人: damker [mailto:damker@xxxxxxxx]
发送时间: 2010年7月12日 16:26
收件人: 'Wireshark-users-request@xxxxxxxxxxxxx'
主题: help,how to output specific fields in a complex packet using tshark command line

Help

The attachment is a packet captured in the Mc interface, there are 8 SCTP and upper layers, I want to output all the m3ua.protocol_data_opc, m3ua.protocol_data_dpc,h248.transactionId in every M3UA.

If put the file in d:\temp\ and using the command line below:

tshark -r d:\temp\MCNew.cap -T fields -E separator=, -e m3ua.protocol_data_opc -e m3ua.protocol_data_dpc -e h248.transactionId >d:\temp\h248.txt

it output the last m3ua.protocol_data_opc, m3ua.protocol_data_dpc,h248.transactionId,not all. how to write a correct command line to output all the fields I want?

Attachment: MCNew.cap
Description: Binary data

Follow-Ups:
- [Wireshark-users] Very strange SSH probe
  - From: Michael Glenn
- Re: [Wireshark-users] question, how to output specific fields in a complex packet using tshark command line
  - From: Martin Visser

Prev by Date: Re: [Wireshark-users] Wireshark for layer 2 ATM traffic?
Next by Date: [Wireshark-users] Very strange SSH probe
Previous by thread: Re: [Wireshark-users] how can I show the application/process that was requesting/receiving traffic on a Windows PC?
Next by thread: [Wireshark-users] Very strange SSH probe
Index(es):
- Date
- Thread