In case you don't want to modify Wireshark columns or even necessarily have to rely on them, one alternative is to make use of the -o <preference>:<value> option to explicitly set the gui.column.format. For example:
tshark -r /var/lib/tshark/dump/trafficdump.pcap -Y "(fix.MsgType ~ D or fix.MsgType ~ F or fix.MsgType ~ G) and not tcp.analysis.retransmission" -o 'gui.column.format:"Time","%t","TimeEpoch","%Cus:frame.time_epoch","MsgType","%Cus:fix.MsgType","ClOrdID","%Cus:fix.ClOrdID","SenderCompID","%Cus:fix.SenderCompID","ExecType","%Cus:fix.ExecType","TargetCompID","%Cus:fix.TargetCompID","AbsTime","%Yt"'
Run tshark -G column-formats for the list of "built-in" column formats.
You could also create a separate Fix profile in Wireshark with whatever columns you want and then just have tshark use that profile. For example:
tshark -r /var/lib/tshark/dump/trafficdump.pcap -Y "(fix.MsgType ~ D or fix.MsgType ~ F or fix.MsgType ~ G) and not tcp.analysis.retransmission" -C Fix
Refer to the tshark man page for more information.
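
Added example, not part of the original answer: a small POSIX shell helper that assembles the gui.column.format value from Title=spec pairs, so the long quoted list in the first command does not have to be typed by hand. The function names build_column_format and fix_columns are hypothetical, and the refusal of quotes and commas is a conservative assumption of this example.

```shell
#!/bin/sh
# build_column_format is a hypothetical helper, not part of tshark.
# Each argument is "Title=spec". A spec starting with '%' is passed through
# as a built-in format (%t, %Yt, ...); anything else is treated as a
# display-filter field name and becomes a custom column, %Cus:<field>.
build_column_format() {
    out=""
    for pair in "$@"; do
        case "$pair" in
            *=*) ;;
            *) echo "expected Title=spec, got: $pair" >&2; return 1 ;;
        esac
        title=${pair%%=*}
        spec=${pair#*=}
        if [ -z "$title" ] || [ -z "$spec" ]; then
            echo "empty title or spec: $pair" >&2; return 1
        fi
        # Conservative check (an assumption of this example): refuse quotes
        # and commas, which delimit entries in the preference value.
        case "$title$spec" in
            *\"*|*,*) echo "quote or comma in: $pair" >&2; return 1 ;;
        esac
        case "$spec" in
            %*) fmt=$spec ;;
            *)  fmt="%Cus:$spec" ;;
        esac
        out="${out:+$out,}\"$title\",\"$fmt\""
    done
    printf 'gui.column.format:%s\n' "$out"
}

# The column set used in the first command above.
fix_columns() {
    build_column_format \
        "Time=%t" "TimeEpoch=frame.time_epoch" "MsgType=fix.MsgType" \
        "ClOrdID=fix.ClOrdID" "SenderCompID=fix.SenderCompID" \
        "ExecType=fix.ExecType" "TargetCompID=fix.TargetCompID" "AbsTime=%Yt"
}

# Usage: tshark -r trafficdump.pcap -Y '<display filter>' -o "$(fix_columns)"
fix_columns
```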