 | 1 | initial version |
tshark is good for exporting fields:
~$ tshark -r ./output.pcap -T fields -e frame.number -e tcp.flags.str -Y tcp.flags.str 50 ·······A···F 51 ·······AP··· 52 ·······AP··· 53 ·······A···· ...
Adding the -Y option with the field name prevents printing blank lines for frames that don't include the field.
