It would be nice if there was a frame.data field but that doesn't exist at this time.
frame_raw is not a field. It is a special case JSON format (print.c):

        // "-x" command line option. A "_raw" suffix is added to the json key so the textual value can be printed
        // with the original json key. If both hex and text writing are enabled the raw information of fields whose
        // length is equal to 0 is not written to the output. If the field is a special text pseudo field no raw
        // information is written either.

You asked for tshark. Here's something close with rawshark. The output will need to be cleaned up (grep/sed/awk/perl/python/...) so maybe a tossup whether this is better than the tshark output. From the rawshark man page: "Also note that the output may be in any order"

C:\>rawshark -s  -r - -d proto:frame -F frame.time_epoch -F frame < dhcp.pcap
0 FT_RELATIVE_TIME BASE_NONE - 1 FT_PROTOCOL BASE_NONE -
1 1="ff:ff:ff:ff:ff:ff:00:0b:82:01:fc:42:08:00:45:00:01:2c:a8:36:00:00:fa:11:17:8b:00:00:00:00:ff:ff:ff:ff:00:44:00:43:01:18:59:1f:01:01:06:00:00:00:3d:1d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0b:82:01:fc:42:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:63:82:53:63:35:01:01:3d:07:01:00:0b:82:01:fc:42:32:04:00:00:00:00:37:04:01:03:06:2a:ff:00:00:00:00:00:00:00" 0="1102274184.317453000" -
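
The cleanup step mentioned in the answer above, sketched in Python as an added example (not part of the original answer or of Wireshark). It assumes the line layout seen in the sample output: a packet number, `N="value"` pairs in any order where N is the position of the `-F` option, and a trailing `-`. The sample lines and the function names are constructed for illustration.

```python
import re

# One N="value" pair; N is the position of the matching -F option (0-based).
PAIR = re.compile(r'(\d+)="([^"]*)"')

# Constructed sample in the layout shown above (frames shortened to 14 bytes).
SAMPLE = '''\
0 FT_RELATIVE_TIME BASE_NONE - 1 FT_PROTOCOL BASE_NONE -
1 1="ff:ff:ff:ff:ff:ff:00:0b:82:01:fc:42:08:00" 0="1102274184.317453000" -
2 0="1102274184.387484000" 1="00:0b:82:01:fc:42:00:08:74:ad:f1:9b:08:00" -
'''

def parse_line(line, field_names):
    """Return {'packet': n, <name>: value, ...}, or None for non-record lines."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2 or not parts[0].isdigit():
        return None
    pairs = PAIR.findall(parts[1])
    if not pairs:  # the header line lists field types and has no pairs
        return None
    record = {"packet": int(parts[0])}
    for idx, value in pairs:  # pairs may arrive in any order
        i = int(idx)
        record[field_names[i] if i < len(field_names) else f"field{i}"] = value
    return record

def parse_output(text, field_names):
    """Parse all packet records from rawshark output text."""
    records = (parse_line(l, field_names) for l in text.splitlines())
    return [r for r in records if r is not None]

def frame_bytes(colon_hex):
    """Convert 'ff:ff:...' into raw bytes."""
    return bytes.fromhex(colon_hex.replace(":", ""))

if __name__ == "__main__":
    # Names follow the -F order used in the command above.
    for rec in parse_output(SAMPLE, ["frame.time_epoch", "frame"]):
        raw = frame_bytes(rec["frame"])
        print(rec["packet"], rec["frame.time_epoch"], len(raw), raw.hex())
```

Because fields are keyed by their `-F` index rather than by position on the line, the result is the same whichever order rawshark emits them in.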