 | 1 | initial version |
If you have access to the Wireshark Gui, it will be easier to learn the fields you want to display.
The tshark man page will help.
Example: tshark -e frame.number -e ip.addr -e udp -e _ws.col.Info
$ tshark -r ./quic-faceb002.pcap -T fields -e frame.number -e frame.len -e frame.time -E header=yes
frame.number frame.len frame.time
1 1274 Oct 2, 2020 02:19:21.477557000 Central Daylight Time
2 1294 Oct 2, 2020 02:19:21.500335000 Central Daylight Time
3 1294 Oct 2, 2020 02:19:21.501561000 Central Daylight Time
| | 2 | No.2 Revision |
If you have access to the Wireshark Gui, it will be easier to learn the fields you want to display.
The tshark man page will help.help with options.
Example: tshark -e frame.number -e ip.addr -e udp -e _ws.col.Info
$ tshark -r ./quic-faceb002.pcap -T fields -e frame.number -e frame.len -e frame.time -E header=yes
frame.number frame.len frame.time
1 1274 Oct 2, 2020 02:19:21.477557000 Central Daylight Time
2 1294 Oct 2, 2020 02:19:21.500335000 Central Daylight Time
3 1294 Oct 2, 2020 02:19:21.501561000 Central Daylight Time
| | 3 | No.3 Revision |
If you have access to the Wireshark Gui, it will be easier to learn the fields you want to display.
The tshark man page will help with options.
Example: tshark -e frame.number -e ip.addr -e udp -e _ws.col.Info
$ tshark -r ./quic-faceb002.pcap -T fields -e frame.number -e frame.len -e frame.time -E header=yes
frame.number frame.len frame.time
1 1274 Oct 2, 2020 02:19:21.477557000 Central Daylight Time
2 1294 Oct 2, 2020 02:19:21.500335000 Central Daylight Time
3 1294 Oct 2, 2020 02:19:21.501561000 Central Daylight Time
@SYN-bit (Sake Blok) is the tshark master.
Here is his presentation from Sharkfest 2019:
04: Solving (SharkFest) packet capture challenges with only tshark by Sake Blok
| | 4 | No.4 Revision |
If you have access to the Wireshark Gui, it will be easier to learn the fields you want to display.
The tshark man page will help with options.
Example: tshark -T fields -e frame.number -e ip.addr -e udp -e _ws.col.Info
$ tshark -r ./quic-faceb002.pcap -T fields -e frame.number -e frame.len -e frame.time -E header=yes
frame.number frame.len frame.time
1 1274 Oct 2, 2020 02:19:21.477557000 Central Daylight Time
2 1294 Oct 2, 2020 02:19:21.500335000 Central Daylight Time
3 1294 Oct 2, 2020 02:19:21.501561000 Central Daylight Time
@SYN-bit (Sake Blok) is the tshark master.
Here is his presentation from Sharkfest 2019:
04: Solving (SharkFest) packet capture challenges with only tshark by Sake Blok
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.