Wireshark · Wireshark-users: [Wireshark-users] tshark output

Wireshark-users: [Wireshark-users] tshark output

From: Chris Henderson <henders254@xxxxxxxxx>

Date: Tue, 24 Mar 2009 13:58:40 +1100

I'm trying to get the tshark output (MAC addresses) to a file but the
output of tshark -i eth0 -n port 68 -R 'bootp.type == 2' -o
column.format:'"Source MAC","%hs"' is different from the output of
tshark -i eth0 -n port 68 -R 'bootp.type == 2' -o
column.format:'"Source MAC","%hs"' -w /tmp/mac

In the latter I get number, time, ip -> ip, DHCP, transaction ID - all
of which I don't need. In the former, I only get the MAC address which
I need. Is there any way to dump only the MAC address to an output
file?

Thanks.

Follow-Ups:
- Re: [Wireshark-users] tshark output
  - From: Stephen Fisher

Prev by Date: [Wireshark-users] tshark - less verbose output
Next by Date: Re: [Wireshark-users] tshark output
Previous by thread: [Wireshark-users] tshark - less verbose output
Next by thread: Re: [Wireshark-users] tshark output
Index(es):
- Date
- Thread