 | 1 | initial version |
That's part of the Expert Info fields.
$ tshark -r ./ultpcap2.pcapng -T fields -e _ws.expert.message -Y _ws.expert.message
Connection establish request (SYN): server port 80
Connection establish acknowledge (SYN+ACK): server port 80
GET / HTTP/1.1\r\n
HTTP/1.1 200 OK\r\n
Connection finish (FIN)
<snip>
Filter on the field name (-Y _ws.expert.message) to not print blank lines for frames that's don't contain Expert Info.
| | 2 | No.2 Revision |
That's part of the Expert Info fields.fields. (Man page here)
$ tshark -r ./ultpcap2.pcapng -T fields -e _ws.expert.message -Y _ws.expert.message
Connection establish request (SYN): server port 80
Connection establish acknowledge (SYN+ACK): server port 80
GET / HTTP/1.1\r\n
HTTP/1.1 200 OK\r\n
Connection finish (FIN)
<snip>
Filter on the field name (-Y _ws.expert.message) to not print blank lines for frames that's don't contain Expert Info.
Or filter on contents of the Expert Info message:
$ tshark -r ./ultpcap2.pcapng -T fields -e frame.number -e _ws.expert.message -Y "_ws.expert.message contains \"RST\""
4440 Connection reset (RST)
4441 Connection reset (RST)
4442 Connection reset (RST)
4443 Connection reset (RST)