
The intended use of jsonraw was to reduce the "tshark -T json -x" output size while still allowing the protocol layers to be dissected at the raw/byte level and providing information about each dissected field. For a possible use, see the json2pcap script (however, not all information is preserved in jsonraw compared to -T json -x, such as the frame timestamp).

The values in raw fields are:

          "eth.src_raw": [
            "881544b14f70",    # hex string
            6,                 # position in frame
            6,                 # length
            0,                 # bitmask
            29                 # type
          ],

The json2pcap script flattens the JSON back into a raw frame, from the highest layers to the lowest. Certain fields are not byte-aligned, and for those the bitmask is also used.
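Added example, not part of the original answer and not json2pcap's own code: a reader for the five-element raw-field layout shown above that validates each entry before writing it into a frame buffer. It assumes the hex string holds the raw bytes covering the field and that the bitmask is read big-endian over those `length` bytes; `parse_raw`, `rebuild` and all sample fields except `eth.src_raw` are constructed for illustration.

```python
import json

# Constructed sample in the page's layout:
# [hex string, position in frame, length, bitmask, type]
# Only eth.src_raw is taken from the page; other type numbers are placeholders.
SAMPLE = json.loads("""
{
  "eth.dst_raw":    ["ffffffffffff", 0, 6, 0, 29],
  "eth.src_raw":    ["881544b14f70", 6, 6, 0, 29],
  "eth.type_raw":   ["0800", 12, 2, 0, 0],
  "ip.version_raw": ["45", 14, 1, 240, 0],
  "ip.hdr_len_raw": ["45", 14, 1, 15, 0]
}
""")

def parse_raw(name, value):
    """Validate one *_raw entry; return (data, position, length, mask)."""
    if not (isinstance(value, list) and len(value) == 5):
        raise ValueError(f"{name}: expected 5 elements")
    hexstr, pos, length, mask, _ftype = value
    data = bytes.fromhex(hexstr)
    if len(data) != length or pos < 0:
        raise ValueError(f"{name}: hex string does not match length/position")
    if mask < 0 or mask >> (8 * length):
        raise ValueError(f"{name}: bitmask wider than field")
    return data, pos, length, mask

def rebuild(fields, frame_len):
    """Write every *_raw field into a zeroed frame of frame_len bytes."""
    frame = bytearray(frame_len)
    for name, value in fields.items():
        if not name.endswith("_raw"):
            continue
        data, pos, length, mask = parse_raw(name, value)
        if pos + length > frame_len:
            raise ValueError(f"{name}: field exceeds frame length")
        if mask == 0:                       # byte-aligned: plain copy
            frame[pos:pos + length] = data
        else:                               # assumption: replace only masked bits
            m = mask.to_bytes(length, "big")
            for i in range(length):
                keep = frame[pos + i] & ~m[i] & 0xFF
                frame[pos + i] = keep | (data[i] & m[i])
    return bytes(frame)

if __name__ == "__main__":
    print(rebuild(SAMPLE, 15).hex())
```

The length and bounds checks matter when the JSON comes from an untrusted source, since position and length are otherwise used directly as buffer offsets.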