Re: Wireshark filter list

[Sake Blok <sake () euronet nl>]

On 1 mrt 2011, at 23:52, Gilsinn, James D. wrote:

> I’m trying to find out if there’s a file somewhere that lists all of the available Wireshark filters?  I’m developing 
> an application that uses TShark to filter capture files based on certain criteria and returns with PSML files that 
> can be read and used for additional analysis.  Since I’m using TShark in a hands-off approach on Windows, I’d like to 
> be able to do some syntax checking of the filter before I start the TShark process to make sure that it doesn’t come 
> back with an error simply because someone typed “fraem” instead of “frame”.  Is there a list of all the protocol 
> filters available for use?
>  
> I’ve found the “wireshark-filter.html” file which lists all the protocols, but that would require some pretty 
> complicated processing to parse the HTML.  What I’d like to see is a text or XML file that lists all of the 
> capture/display filters in one file by themselves.  XML would probably be easier to parse, since some additional 
> fields could be added without really affecting the ease of importing the data.

You can use tshark -G for this purpose:

sake@MacSake:~$ tshark -G fields | cut -f 3 | head
ieee1722
ieee1722.cdfield
ieee1722.subtype
ieee1722.svfield
ieee1722.verfield
ieee1722.mrfield
ieee1722.gvfield
ieee1722.tvfield
ieee1722.seqnum
ieee1722.tufield
sake@MacSake:~$ 

Hope this helps,
Cheers,


Sake

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe