Wireshark-dev: Re: [Wireshark-dev] Extracting filter
From: Dario Lombardo <dario.lombardo.ml@xxxxxxxxx>
Date: Thu, 5 Apr 2018 11:02:29 +0200
That's great, it's exactly what I was looking for. Thanks!

On Thu, Apr 5, 2018 at 9:06 AM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
Hi Dario,

2018-04-05 8:57 GMT+02:00 Dario Lombardo <dario.lombardo.ml@xxxxxxxxx>:
Hi
I need to extract all the display filters to have a list with

<proto> <filter> <type>

example

dns dns.a6.address_suffix FT_IPv6
dns dns.a6.prefix_len FT_UINT8
dns dns.a6.prefix_name FT_STRING
dns dns.aaaa FT_IPv6
dns dns.afsdb.hostname FT_STRING
dns dns.afsdb.subtype FT_UINT16
dns dns.a FT_IPv4
dns dns.apl.address_family FT_UINT16
dns dns.apl.afdlength FT_UINT8
dns dns.apl.afdpart.data FT_BYTES

I've already done it by monkey patching tshark, but I was wondering if there is a way to do that without changing the code.
Any suggestion?

You can try parsing the output of tshark -G fields.

Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe