Ask Your Question
0

Command line tshark JSON and Packet details all expanded

asked 2019-11-06 15:53:35 +0000

BAW331 gravatar image

Hi there,

I would like to convert PCAP files to JSON using the tshark command line and they must have Packet details: All expanded using the command line without the pack summary line option selected.

So summary(using the command line save PCAP as): - Export to JSON - Packet details: All expanded - Packet summary line: unticked

Is there anyway to do that?

Thanks for your help!!!

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2020-04-23 20:02:07 +0000

KirtCaron gravatar image

$MyJson = .\tshark.exe -i 2 -T json -Y "ssl.handshake.certificate" -V -a duration:10|ConvertFrom-Json $MyJson[0].'_source'.layers

$MyJson[0].'_source'.layers.ssl.'ssl.record'.'ssl.handshake'

edit flag offensive delete link more
0

answered 2019-11-06 16:17:51 +0000

Chuckc gravatar image

updated 2019-11-06 16:22:37 +0000

Have you tried:

tshark -r "filename" -T json
edit flag offensive delete link more

Comments

https://www.wireshark.org/docs/man-pa... json JSON file format. It can be used with -j or -J including the JSON filter or with -x option to include raw hex-encoded packet data. Example of usage:

  tshark -T json -r file.pcap
  tshark -T json -j "http tcp ip" -x -r file.pcap
Chuckc gravatar imageChuckc ( 2019-11-06 16:22:01 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-11-06 15:53:35 +0000

Seen: 10,023 times

Last updated: Apr 23 '20