Wireshark mailing list archives
tshark options
From: René Scheibe <rene.scheibe () googlemail com>
Date: Thu, 07 Jun 2012 20:14:52 +0200
Hi, I have 3 questions concerning tshark. 1) field aggregation With -E occurrence='a' field values can be aggregated when a field occurs multiple times. Can this aggregation be configured per field or is it only possible to do it globally for a fields? 2) dissector mapping With <layer type>==<selector>,<decode-as protocol> it can be specified which dissector to use. It's a bit unclear what is meant by "selector". I tried -d udp.port==100:200. tshark started fine but it looks like only 100 is used. Does it only support single values or can port ranges also be used? 3) performance Generating a CSV file printing some fields from a PCAP file is quite slow. Are there options or ways to speed it up? Regards, René Scheibe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- tshark options René Scheibe (Jun 07)