Wireshark mailing list archives
Re: How do I slightly tweak the text output options of tshark?
From: Eric Howard <ehoward () bbg gov>
Date: Wed, 20 Jul 2011 11:47:53 -0400
Jaap, thanks for your answer. How do I deconstruct the standard output to find out the columns that are already being displayed?

-- Eric --

On 07/20/2011 11:09 AM, Jaap Keuter wrote:
> On Wed, 20 Jul 2011 09:52:42 -0400, Eric Howard wrote:
>> Hi. I love the functionality that wireshark gives me. I am trying to log DNS transactions. The standard text display gives me most of what I want. For example:
>>
>> [root@myserv~]# tshark -tad port 53
>> Running as user "root" and group "root". This could be dangerous.
>> Capturing on eth0
>> 2011-07-20 09:46:46.971987 152.75.52.18 -> 152.75.73.251 DNS Standard query A www.yahoo.com
>> 2011-07-20 09:46:46.972226 152.75.73.251 -> 152.75.52.18 DNS Standard query response CNAME fp.wg1.b.yahoo.com CNAME any-fp.wa1.b.yahoo.com A 69.147.125.65 A 67.195.160.76
>>
>> However, I want to somehow capture queries and responses into a database and need a way to associate the query and response data. In the above example I get a CNAME result but need to also record the fact the original request was for 'www.yahoo.com'.
>>
>> I believe that "dns.id" field would allow me to associate the query and response. Is there an easy way to modify the standard output to append this single field or do I have to write an extremely complicated fields directive to create the standard output with the additional field?
>>
>> Thanks for your help!
>>
>> -- Eric --
>
> Hi,
>
> Have a look at custom columns. You can show there (almost) anything.
>
> Thanks,
> Jaap
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request () wireshark org?subject=unsubscribe
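One way to get the query/response association asked about in this thread, as an added example that is not part of the original messages: rather than custom columns, it assumes tshark is run with `-T fields` output (command shown in the comment) and pairs each response with its query on `dns.id` plus the two endpoints. The sample lines and the `dns.id` values are constructed.

```python
from decimal import Decimal

# Constructed sample (not captured traffic) of tab-separated output from, e.g.:
#   tshark -n -f "port 53" -T fields -E separator=/t -e frame.time_epoch \
#     -e ip.src -e ip.dst -e dns.id -e dns.flags.response -e dns.qry.name \
#     -e dns.cname -e dns.a
# The dns.id values below are made up; multi-valued fields are comma-joined.
SAMPLE = "\n".join([
    "1311169606.971987\t152.75.52.18\t152.75.73.251\t0x1a2b\t0\twww.yahoo.com\t\t",
    "1311169606.972226\t152.75.73.251\t152.75.52.18\t0x1a2b\t1\twww.yahoo.com\t"
    "fp.wg1.b.yahoo.com,any-fp.wa1.b.yahoo.com\t69.147.125.65,67.195.160.76",
    "1311169607.100000\t152.75.52.18\t152.75.73.251\t0x1a2c\t0\tno-answer.example\t\t",
])

def correlate(lines):
    """Pair responses with queries on (client, server, dns.id).

    dns.id is only 16 bits and is reused, so it is never used alone as a key.
    Returns (answered rows, queries that never got a response).
    """
    pending, rows = {}, []
    for line in lines:
        fields = line.rstrip("\r\n").split("\t")
        if len(fields) != 8:
            continue  # skip blank or malformed lines
        ts, src, dst, dns_id, is_resp, qname, cnames, addrs = fields
        # Assumption: the boolean may be rendered as "1" or "True" depending on version.
        if is_resp in ("1", "True"):
            query = pending.pop((dst, src, dns_id), None)
            rows.append({
                "id": dns_id, "client": dst, "server": src,
                "qname": query["qname"] if query else qname,
                "cnames": cnames.split(",") if cnames else [],
                "addrs": addrs.split(",") if addrs else [],
                "rtt": Decimal(ts) - query["ts"] if query else None,
            })
        else:
            pending[(src, dst, dns_id)] = {"ts": Decimal(ts), "qname": qname}
    unanswered = [(k[0], k[2], q["qname"]) for k, q in pending.items()]
    return rows, unanswered

if __name__ == "__main__":
    answered, unanswered = correlate(SAMPLE.splitlines())
    for row in answered:
        print(row)
    print("unanswered:", unanswered)
```

Each returned row maps directly onto a database record; queries left in the unanswered list are worth logging too, since a resolver that never replies is itself a signal.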