 | 1 | initial version |
output similar to what wireshark does
Do you mean Src port (unresolved) and Dest port (unresolved) columns?
If so, you can print columns with tshark:
Column names may be used prefixed with "_ws.col."
The column names are not intuitive but can be found in epan/column.c:
{ COL_UNRES_DST_PORT, "Dest port (unresolved)" },
...
{ COL_UNRES_SRC_PORT, "Src port (unresolved)" },
The columns will need to exist in the profile you are using with tshark.
You could add them to a new profile and tell tshark use it with the -C option:
-C <configuration profile=""> Run with the given configuration profile.
~$ tshark -r tcptst.pcap -T fields -e tcp.srcport -e _ws.col.unres_src_port -e _ws.col.unres_dst_port 443 443 18082 443 443 18082 443 443 18082