I would like to capture the database name, userid and passwords into a JSON file. I would like to get the following output:
In the above image: DB is the database name, dbpw is the password and db2inst1 is the userid.
In tshark I have written the command below:
tshark.exe -i 6 -f "tcp dst port 60127" -Y "drda.param.codepoint == 0x11a1" -T json -e "drda.param.codepoint" -e "drda.param.data.ebcdic" > c:\temp\wireshark.json
At the same time I captured traffic in Wireshark 4.0.4 just to get the same data graphically, because it is easier to imagine which data are captured.
Image below: left side (Wireshark), right side (tshark)
The problem is I get too much data. How do I write a display filter in tshark to only get the data I want (first image in this post)? Thanks