Command line tshark JSON and Packet details all expanded

asked 2019-11-06 15:53:35 +0000

BAW331
1 ●1 ●1 ●1

Hi there,

I would like to convert PCAP files to JSON using the tshark command line and they must have Packet details: All expanded using the command line without the pack summary line option selected.

So summary(using the command line save PCAP as): - Export to JSON - Packet details: All expanded - Packet summary line: unticked

Is there anyway to do that?

Thanks for your help!!!

edit retag flag offensive close merge delete

add a comment

2 Answers

Sort by » oldest newest most voted

answered 2020-04-23 20:02:07 +0000

KirtCaron
1 ●2

$MyJson = .\tshark.exe -i 2 -T json -Y "ssl.handshake.certificate" -V -a duration:10|ConvertFrom-Json $MyJson[0].'_source'.layers

$MyJson[0].'_source'.layers.ssl.'ssl.record'.'ssl.handshake'

edit flag offensive delete link

add a comment

answered 2019-11-06 16:17:51 +0000

Chuckc
3023 ●6 ●608 ●20

updated 2019-11-06 16:22:37 +0000

Have you tried:

tshark -r "filename" -T json

edit flag offensive delete link

Comments

https://www.wireshark.org/docs/man-pa... json JSON file format. It can be used with -j or -J including the JSON filter or with -x option to include raw hex-encoded packet data. Example of usage:

  tshark -T json -r file.pcap
  tshark -T json -j "http tcp ip" -x -r file.pcap

Chuckc ( 2019-11-06 16:22:01 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Command line tshark JSON and Packet details all expanded

2 Answers

Comments

Your Answer

Question Tools

Stats

Related questions

Command line tshark JSON and Packet details all expanded edit

2 Answers

Comments

Your Answer

Question Tools

Stats

Related questions

Command line tshark JSON and Packet details all expanded