Wireshark-dev: Re: [Wireshark-dev] For TShark, provide a way to control the output format. E.g.
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 14 Sep 2011 23:56:33 -0700
On Sep 13, 2011, at 4:05 PM, Yee Man Bergstrom wrote:

> From http://wiki.wireshark.org/WishList
> For TShark, provide a way to control the output format. E.g., 'tshark -e "ip udp tcp.port"' would expand the IP and UDP sections, and display the TCP port information.
>  
> This is already done in trunk as of revision 38990 unless I am missing something.
>  
> You can perform the above scenario with
> Ø  tshark –T fields –e ip –e udp –e tcp.port

Well, not exactly.  The wish list request was for "-T text" (which is the default), not "-T fields".  Expanding the IP and UDP sections can be done in that format with -O, but partially expanding the TCP section to show only the port can't be done that way.