Wireshark mailing list archives

Re: Strip off protocol layers


From: sean bzd <seanbzd () gmail com>
Date: Tue, 7 Feb 2012 14:32:06 -0500

Thank you so much. That's exactly what I needed. I earlier went through the
documentation for tshark but missed that option.

On Tue, Feb 7, 2012 at 1:30 PM, j.snelders <j.snelders () telfort nl> wrote:

Hi Sean,

You can use the option -O

$ tshark -h
-O protocols: Only show packet details of these protocols, comma separated

$ tshark -r Clmt_04.pcap -O http -V > clmt_04a.txt
$ tshark -r Clmt_04.pcap -O tcp,http -V > clmt_04b.txt

BTW
I'm running TShark 1.6.5

Best regards
Joke


On Tue, 7 Feb 2012 12:45:49 -0500 sean wrote:
Hi,
I'm using tshark to convert .pcap to .txt format using the -r option and
redirecting the output to a file, e.g. tshark -r file.pcap -V>file.txt
The problem is that the size of the txt file is about 30x larger than the
pcap since I'm using the -V(erbose) option. I'm wondering if there is a way
to strip off some of the protocol headers that I'm not interested in, e.g.
I want to strip off the 'Frame', 'Ethernet' and 'IP' protocol layers before
redirecting the output to a txt. Is that possible? Another idea is to
selectively expand (Verbose) only the protocols I'm interested in. Is any
of this possible? If yes, I'd appreciate some advice. Thanks a lot.
Sean.





___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
