Ask Wireshark - RSS feedhttps://ask.wireshark.org/questions/Wireshark questions and answersenCopyright Wireshark Foundation, 2017-2023Mon, 08 Mar 2021 12:15:14 +0000Do not decode above tcp.port and output as texthttps://ask.wireshark.org/question/21693/do-not-decode-above-tcpport-and-output-as-text/ Hi all, It might be that the answer is already written somewhere, but I havent't been able find it. This siutation is as follows: we capture network traffic to process data from one particular port. After doing the capture, we convert it to a comma separate file using: tshark.exe -r input.pcapng -o data.show_as_text:TRUE -F logcat-long -eframe.time_epoch -eip.src -eip.dst -edata.text -Tfields "tcp.analysis.push_bytes_sent and tcp.port == 10001" > output.csv Most of the time this works great. However, one time we got a session that was interpreted as irc. This lead to the column data.text being empty for that session. I am thinking of adding `--disable-protocol irc` as extra argument to never have the issue again for irc. However, I was wondering whether there are better arguments to also achieve the same results. I did notice that the -C option can be used to specify a configuration file. These tests are running on multiple machines, so I would prefer to have a command-line only option. Also the tcp.payload which can be outputed by replacing `-edata.text` with `-etcp.payload`, but that only contains numbers and not the text. Does anybody have a good suggestions for command line parameters to use?HvdBrandMon, 08 Mar 2021 12:15:14 +0000https://ask.wireshark.org/question/21693/