Wireshark mailing list archives

Reporting with Wireshark


From: "Abel, Jacob" <jabel () msconsultants com>
Date: Mon, 11 Jul 2011 15:07:40 -0400

Hello all,

 

I'm using Wireshark to dump out capture files at regular intervals. I'm
going to merge the in and out traffic together with mergecap and then I
want to process the data with tshark. I only need basic information, but
the PSML format doesn't provide quite enough. I need port numbers in
addition to that basically. I've been trying to sort of emulate the PSML
output, but need help with the filters. There are way too many and
searching doesn't really help. This is what I have so far:

 

tshark -r test.pcap -T fields -E header=y -e ip.src -e ip.dst -e udp.port -e tcp.port -e frame.len > test.txt

 

In addition to this information, I need the time (seconds, hh:mm:ss,
doesn't matter) and the protocol, for starters. It would also be nice to
see the info field as well, if it exists.

 

Thanks in advance,

Jacob

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
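
An added example, not part of the original post: a Python sketch that reads the tab-separated output of the tshark command quoted above and totals bytes per flow, splitting the "src,dst" pair that udp.port and tcp.port each emit for one packet. The sample rows are constructed, and the names parse_rows and bytes_per_flow are hypothetical.

```python
import csv
import io
from collections import Counter

# Constructed sample of what the command above writes to test.txt
# (tab-separated, header row from -E header=y). udp.port and tcp.port match
# both the source and the destination port, so each cell holds "src,dst".
SAMPLE = (
    "ip.src\tip.dst\tudp.port\ttcp.port\tframe.len\n"
    "192.0.2.10\t198.51.100.5\t\t49152,443\t74\n"
    "198.51.100.5\t192.0.2.10\t\t443,49152\t1514\n"
    "192.0.2.10\t192.0.2.53\t53001,53\t\t82\n"
    "\t\t\t\t60\n"  # non-IP frame (e.g. ARP): IP and port cells are empty
    "192.0.2.1,192.0.2.10\t192.0.2.10,192.0.2.53\t53001,53\t\t110\n"  # ICMP error quoting a UDP packet
)


def parse_rows(text):
    """Yield one dict per packet with the port pair split and a protocol label."""
    for row in csv.DictReader(io.StringIO(text), delimiter="\t"):
        src = row["ip.src"].split(",")
        dst = row["ip.dst"].split(",")
        if len(src) > 1:
            # More than one IP header (tunnel or ICMP error): the ports
            # belong to the inner packet, so do not attribute them here.
            proto, ports = "encapsulated", ""
        elif row["tcp.port"]:
            proto, ports = "tcp", row["tcp.port"]
        elif row["udp.port"]:
            proto, ports = "udp", row["udp.port"]
        else:
            proto, ports = ("other-ip" if src[0] else "non-ip"), ""
        sport, dport = (ports.split(",") + ["", ""])[:2]
        yield {"src": src[0], "dst": dst[0], "proto": proto,
               "sport": sport, "dport": dport, "len": int(row["frame.len"])}


def bytes_per_flow(text):
    """Sum frame.len per (proto, src, sport, dst, dport), one direction each."""
    totals = Counter()
    for p in parse_rows(text):
        totals[(p["proto"], p["src"], p["sport"], p["dst"], p["dport"])] += p["len"]
    return totals


if __name__ == "__main__":
    for (proto, src, sport, dst, dport), total in bytes_per_flow(SAMPLE).most_common():
        print(f"{total:>6} bytes  {proto:<12} {src}:{sport} -> {dst}:{dport}")
```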
