Wireshark-users: Re: [Wireshark-users] Parse fields from packets
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "Jeroen Eeuwes" <jeroeneeuwes@xxxxxxxxx>
Date: Sat, 7 Jul 2007 08:00:21 +0200
Hi Jason,


Notice the space before the pipe... I'd really like to be able to do
this.  Any idea if this is possible?


I'm not sure why you'd want that, But if you use a character which
won't be in your field (for example tab) you can pipe it through sed
(or awk, or perl, or ..) to change it into the seperator you want.
E.g.

tshark -i eth0 -l -V port 80 -E separator='/t' -e http.host -e
http.request.uri -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport
-Tfields | sed "s/\t/ |/g"

Best regards,
Jeroen