Wireshark mailing list archives

Need equivalent query


From: Vinoth S <weknowth59 () gmail com>
Date: Thu, 25 Jan 2018 19:00:44 +0530

Hi Team,

I am working on a few explorations using tshark. Please find below the command
where I am extracting a few fields from a .pcap file. It has been executed on
Windows.

tshark.exe -r sample.pcap -E separator=, -E header=y -E occurrence=f -T fields -e frame.time -e frame.time_epoch -e frame.len -e ip.src -e ip.dst -e dns.resp.name -e dns.resp.type -e dns.resp.class -e dns.flags.rcode -e dns.a "(dns.flags.response==1) and (dns.a)" > sample.csv

I have tried it on CentOS, and it's not working. May I know what the issue is
in the command below?

tshark -r sample.pcap -E separator=, -E header=y -E occurrence=f -T fields -e frame.time -e frame.time_epoch -e frame.len -e ip.src -e ip.dst -e dns.resp.name -e dns.resp.type -e dns.resp.class -e dns.flags.rcode -e dns.a '(dns.flags.response==1) and (dns.a)' > sample.csv

*(dns.flags.response==1) and (dns.a)* => the DNS request has got a response and
the IPv4 address is not empty

If possible, please share the equivalent command for CentOS.

Thanks,
S.Vinoth
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users