1 | initial version |
You can use the -o
command line argument in tshark to change preference settings. So in this case the following command will do the trick:
tshark -o tcp.analyze_sequence_numbers:FALSE -r file.pcapng
If you want to get all the preference names, you can use tshark -G currentprefs
.
I often use egrep to extract settings for just one protocol, like this:
$ tshark -G currentprefs | egrep "^#?tcp."
#tcp.summary_in_tree: TRUE
#tcp.check_checksum: FALSE
#tcp.desegment_tcp_streams: TRUE
#tcp.reassemble_out_of_order: FALSE
#tcp.analyze_sequence_numbers: TRUE
#tcp.relative_sequence_numbers: TRUE
#tcp.default_window_scaling: Not known
#tcp.track_bytes_in_flight: TRUE
#tcp.calculate_timestamps: TRUE
#tcp.try_heuristic_first: FALSE
#tcp.ignore_tcp_timestamps: FALSE
#tcp.no_subdissector_on_error: TRUE
#tcp.dissect_experimental_options_with_magic: TRUE
#tcp.display_process_info_from_ipfix: FALSE
#tcpros.desegment_tcpros_messages: TRUE
$