Wireshark · Wireshark-users: [Wireshark-users] Strip off protocol layers

Wireshark-users: [Wireshark-users] Strip off protocol layers

Date: Tue, 7 Feb 2012 12:45:49 -0500

Hi,

I'm using tshark to convert .pcap to .txt format using the -r option and redirecting the output to a file. eg. tshark -r file.pcap -V>file.txt

The problem is that the size of the txt file is about 30x larger than the pcap since I'm using the -V(erbose) option. I'm wondering if there is a way to strip off some of the protocol headers that I'm not interested in. e.g. I want to strip off the 'Frame', 'Ethernet' and 'IP' protocol layers before redirecting the output to a txt. Is that possible? Another idea is to selectively expand (Verbose) only the protocols i'm interested in. Is any of this possible. If yes, i'd appreciate some advice. Thanks a lot.

Sean.

Follow-Ups:
- Re: [Wireshark-users] Strip off protocol layers
  - From: j.snelders

Prev by Date: [Wireshark-users] How to decrypt SSL in TShark 1.6.5 (giving the key file in the parameters)?
Next by Date: Re: [Wireshark-users] Strip off protocol layers
Previous by thread: [Wireshark-users] How to decrypt SSL in TShark 1.6.5 (giving the key file in the parameters)?
Next by thread: Re: [Wireshark-users] Strip off protocol layers
Index(es):
- Date
- Thread