Wireshark-users: Re: [Wireshark-users] use tshark to search for hex or ASCII string in packet?
From: Marc Luethi <netztier@xxxxxxxxxx>
Date: Thu, 10 Jan 2008 15:05:19 +0100
On Wed, 2008-01-09 at 16:02 -0700, Stephen Fisher wrote:
> On Wed, Jan 09, 2008 at 11:45:33PM +0100, Marc Luethi wrote:
> 
> > tshark -r file.pcap -T fields -e data
> > 
> > This yields to output in hex, which I could cope with, but it lacks 
> > the timestamp.
> 
> You could add -e frame.time to get the frame's arrival time also

That's great! Thanks a lot!

Now I still wonder if I could get ASCII-output of the data field instead
of hex? I mean ASCII in the same way as it interpreted when using -V or
-x.

I said I could cope with Hex, but it's another layer of complexity,
since I'll get the data strings to search for as ASCII, and it could
save us one conversion step.

regards

Marc