Wireshark · Wireshark-users: Re: [Wireshark-users] Tshark output format options using -o and -E

Wireshark-users: Re: [Wireshark-users] Tshark output format options using -o and -E

Date: Wed, 15 Jul 2009 17:50:34 +0200

Hi,

You can use -T fields:
$ tshark -r test.pcap -T fields -e frame.number -e ip.src -e ip.dst -e tcp.srcport
-e tcp.dstport -E header=y > test.txt

Output:
frame.number    ip.src  ip.dst  tcp.srcport     tcp.dstport
1       192.168.1.6     212.54.40.25
2       212.54.40.25    192.168.1.6
3       192.168.1.6     74.125.77.147   1685    80
4       74.125.77.147   192.168.1.6     80      1685
5       192.168.1.6     74.125.77.147   1685    80
6       192.168.1.6     74.125.77.147   1685    80
7       74.125.77.147   192.168.1.6     80      1685
8       74.125.77.147   192.168.1.6     80      1685
9       192.168.1.6     74.125.77.147   1685    80


Hope this helps
Joan


On Tue, 14 Jul 2009 12:35:27 -0700 White, Cowana wrote:
>I am trying to open a pcap file, format the columns, add a header and
>separator (tab) and then export it as a .txt. There doesn't seem to be a
>way to do this using -o for the column format, and -E for the separator
>and headers.
> 
>Is there any other way to achieve the desired result?
> 
>I'm using "> testing.txt" to output the result
> 
>Any help/insight you could offer would be greatly appreciated!

References:
- [Wireshark-users] Tshark output format options using -o and -E
  - From: White, Cowana

Prev by Date: Re: [Wireshark-users] Network Analysis Training
Next by Date: Re: [Wireshark-users] Network Analysis Training
Previous by thread: [Wireshark-users] Tshark output format options using -o and -E
Next by thread: [Wireshark-users] Problem filter 802.11 channel
Index(es):
- Date
- Thread