Wireshark mailing list archives
Re: For TShark, provide a way to control the output format. E.g., 'tshark -e "ip udp tcp.port"' would expand the IP and UDP sections, and display the TCP port information.
From: Guy Harris <guy () alum mit edu>
Date: Wed, 14 Sep 2011 23:56:33 -0700
On Sep 13, 2011, at 4:05 PM, Yee Man Bergstrom wrote:
From http://wiki.wireshark.org/WishList For TShark, provide a way to control the output format. E.g., 'tshark -e "ip udp tcp.port"' would expand the IP and UDP sections, and display the TCP port information. This is already done in trunk as of revision 38990 unless I am missing something. You can perform the above scenario with Ø tshark –T fields –e ip –e udp –e tcp.port
Well, not exactly. The wish list request was for "-T text" (which is the default), not "-T fields". Expanding the IP and UDP sections can be done in that format with -O, but partially expanding the TCP section to show only the port can't be done that way. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- For TShark, provide a way to control the output format. E.g., 'tshark -e "ip udp tcp.port"' would expand the IP and UDP sections, and display the TCP port information. Yee Man Bergstrom (Sep 13)
- Re: For TShark, provide a way to control the output format. E.g., 'tshark -e "ip udp tcp.port"' would expand the IP and UDP sections and display the TCP port information. Chris Maynard (Sep 14)
- Re: For TShark, provide a way to control the output format. E.g., 'tshark -e "ip udp tcp.port"' would expand the IP and UDP sections, and display the TCP port information. Guy Harris (Sep 14)