Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2020-03-13 19:50:46 +0000

menticol gravatar image

To expand the answer a little more and for future reference, I leave you with the working examples I made using your suggestions:

"C:\Program Files\Wireshark\tshark" -r "C:\Temp\172.27.242.215\Pcap\20191101_00_15-MIRR-BKP.pcap" -Y "(gsm_old.localValue==46)&&(e164.msisdn=="525588420125")||(gsm_sms.tp-da=="5588420125")||(e164.msisdn=="526682370037")||(gsm_sms.tp-da=="6682370037")" -T fields -E header=y -E "separator=~", -e frame.number -e frame.time -e smpp.sequence_number -e smpp.message_id -e _ws.col.Info -e tcap.tid -e tcap.otid -e e164.msisdn -e gsm_sms.tp-da -e gsm_sms.sms_text>"C:\Temp\172.27.242.215\Csv\20191101_00_15-MIRR-BKP.pcap.csv"

The parenthesis can also be used for single parameters

"C:\Program Files\Wireshark\tshark" -r "C:\Temp\172.27.242.215\Pcap\20191104_11_55-MIRR-BKP.pcap" -Y "(tcap.tid=="85:64")" -w "C:\Temp\172.27.242.215\Csv\20191104_11_55-MIRR-BKP_caso_2.pcap" -F pcap

Thank you again Jim, grahamb and bubbasnmp for you input guys, without your help my project would have failed.

click to hide/show revision 2
No.2 Revision

updated 2020-03-14 14:02:44 +0000

grahamb gravatar image

To expand the answer a little more and for future reference, I leave you with the working examples I made using your suggestions:

"C:\Program Files\Wireshark\tshark" Files\Wireshark\tshark"
-r "C:\Temp\172.27.242.215\Pcap\20191101_00_15-MIRR-BKP.pcap" "C:\Temp\172.27.242.215\Pcap\20191101_00_15-MIRR-BKP.pcap"
-Y "(gsm_old.localValue==46)&&(e164.msisdn=="525588420125")||(gsm_sms.tp-da=="5588420125")||(e164.msisdn=="526682370037")||(gsm_sms.tp-da=="6682370037")" "(gsm_old.localValue==46)&&(e164.msisdn=="525588420125")||(gsm_sms.tp-da=="5588420125")||(e164.msisdn=="526682370037")||(gsm_sms.tp-da=="6682370037")"
-T fields -E header=y -E "separator=~",  "separator=~",
-e frame.number -e frame.time -e smpp.sequence_number -e smpp.message_id -e _ws.col.Info -e tcap.tid -e tcap.otid -e e164.msisdn -e gsm_sms.tp-da -e gsm_sms.sms_text>"C:\Temp\172.27.242.215\Csv\20191101_00_15-MIRR-BKP.pcap.csv"
gsm_sms.sms_text
>"C:\Temp\172.27.242.215\Csv\20191101_00_15-MIRR-BKP.pcap.csv"

The parenthesis can also be used for single parameters

"C:\Program Files\Wireshark\tshark" Files\Wireshark\tshark"
-r "C:\Temp\172.27.242.215\Pcap\20191104_11_55-MIRR-BKP.pcap" "C:\Temp\172.27.242.215\Pcap\20191104_11_55-MIRR-BKP.pcap"
-Y "(tcap.tid=="85:64")" "(tcap.tid=="85:64")"
-w "C:\Temp\172.27.242.215\Csv\20191104_11_55-MIRR-BKP_caso_2.pcap" -F pcap
pcap

Thank you again Jim, grahamb and bubbasnmp for you input guys, without your help my project would have failed.

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2