tshark options

[René Scheibe <rene.scheibe () googlemail com>]

Hi,

I have 3 questions concerning tshark.

1) field aggregation
With -E occurrence='a' field values can be aggregated when a field
occurs multiple times.

Can this aggregation be configured per field or is it only possible to
do it globally for a fields?

2) dissector mapping
With <layer type>==<selector>,<decode-as protocol> it can be specified
which dissector to use.

It's a bit unclear what is meant by "selector".

I tried -d udp.port==100:200. tshark started fine but it looks like only
100 is used.

Does it only support single values or can port ranges also be used?

3) performance
Generating a CSV file printing some fields from a PCAP file is quite slow.

Are there options or ways to speed it up?

Regards,
René Scheibe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe