 | 1 | initial version |
Wireshark Bugzilla is the appropriate place for feature requests.
In the interim, this script may help you. This will create a file each for every number of expert infos using tshark, so if you see an expert_infos5.pcapng, it will only have packets with 5 expert infos.
#!/usr/bin/env bash
source="/path/to/your/capture"
hits=1
i=1
while [[ $hits > 0 ]]; do
tshark -r $source -Y "count(_ws.expert.message) > ${i}" -w expert_infos${i}.pcapng
hits=$(tshark -r /tmp/expert_infos${i}.pcapng | wc -l)
i=${i}+1
done
My capture only had 1 type of expert infos per packet, so I only see one file:
$bash ls /tmp | grep export_infos expert_infos1.pcapng