Wireshark mailing list archives
Re: Strip off protocol layers
From: "j.snelders" <j.snelders () telfort nl>
Date: Tue, 7 Feb 2012 19:30:07 +0100
Hi Sean, You can use the option -O $ tshark -h -O protocols: Only show packet details of these protocols, comma separated $ tshark -r Clmt_04.pcap -O http -V > clmt_04a.txt $ tshark -r Clmt_04.pcap -O tcp,http -V > clmt_04b.txt BTW I'm running TShark 1.6.5 Best regards Joke On Tue, 7 Feb 2012 12:45:49 -0500 sean wrote:
Hi, I'm using tshark to convert .pcap to .txt format using the -r option and redirecting the output to a file. eg. tshark -r file.pcap -V>file.txt The problem is that the size of the txt file is about 30x larger than the pcap since I'm using the -V(erbose) option. I'm wondering if there is a
way
to strip off some of the protocol headers that I'm not interested in. e.g. I want to strip off the 'Frame', 'Ethernet' and 'IP' protocol layers before redirecting the output to a txt. Is that possible? Another idea is to selectively expand (Verbose) only the protocols i'm interested in. Is any of this possible. If yes, i'd appreciate some advice. Thanks a lot. Sean.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Strip off protocol layers sean bzd (Feb 07)
- Re: Strip off protocol layers j.snelders (Feb 07)
- Re: Strip off protocol layers sean bzd (Feb 07)
- Re: Strip off protocol layers j.snelders (Feb 07)