Why do JSON and PDML exports have different data from the same session?

asked 2020-03-25 15:54:08 +0000

I am new to Wireshark. I filtered my captured packet traffic to an IP address associated with an HTTPS site I control. When exporting this data, I tried exporting it to .csv, .json, .pdml, etc.

Why do the contents of these files differ despite exporting the same data? For example, the PDML file contains information from the "info" column, which seems like a user-friendly column that summarizes the purpose of that packet. For example, "Client Hello" or "Application Data." This same information is absent from the .json file. Why is that the case? What other information is included in the .PDML but not in the .JSON, and vice versa?

I could not find any documentation for these differences and it is difficult to manually parse any patterns.


Comments

Have you tried doing the exports with tshark?
There is some information in the man page.

bubbasnmp ( 2020-03-25 17:29:21 +0000 )
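
As an added example (not from the original thread or from Wireshark itself), this Python script compares the field names in a PDML export with those in a JSON export and lists the XML attributes PDML attaches to each field. Both inline samples are constructed and trimmed, modelled on the layout of `tshark -T pdml` and `tshark -T json` output; the function names are hypothetical.

```python
import json
import xml.etree.ElementTree as ET

# Constructed, heavily trimmed samples modelled on `tshark -T pdml` and `tshark -T json` output.
PDML_SAMPLE = """<pdml><packet>
 <proto name="geninfo" showname="General information" size="583" pos="0">
  <field name="num" showname="Number" show="1" value="1" size="583" pos="0"/>
 </proto>
 <proto name="tls" showname="Transport Layer Security" size="517" pos="66">
  <field name="tls.record" showname="TLSv1.2 Record Layer: Handshake Protocol: Client Hello" size="517" pos="66">
   <field name="tls.handshake.type" showname="Handshake Type: Client Hello (1)" show="1" value="01" size="1" pos="71"/>
  </field>
 </proto>
</packet></pdml>"""
JSON_SAMPLE = '[{"_source": {"layers": {"tls": {"tls.record": {"tls.handshake.type": "1"}}}}}]'

def pdml_fields(text):
    """Map each proto/field name in a PDML export to the XML attributes it carries."""
    out = {}
    for el in ET.fromstring(text).iter():
        if el.tag in ("proto", "field") and el.get("name"):
            out.setdefault(el.get("name"), set()).update(el.attrib)
    return out

def json_fields(text):
    """Collect every key found under 'layers' in a JSON export, at any depth."""
    names = set()
    def walk(node):
        if isinstance(node, dict):
            for key, val in node.items():
                names.add(key)
                walk(val)
        elif isinstance(node, list):
            for item in node:
                walk(item)
    for pkt in json.loads(text):
        walk(pkt["_source"]["layers"])
    return names

def compare(pdml_text, json_text):
    """Report names present in only one export and the per-field attributes PDML carries."""
    p, j = pdml_fields(pdml_text), json_fields(json_text)
    return {
        "only_pdml": sorted(set(p) - j),
        "only_json": sorted(j - set(p)),
        "pdml_attrs": sorted(set().union(*p.values())),
    }

if __name__ == "__main__":
    for key, val in compare(PDML_SAMPLE, JSON_SAMPLE).items():
        print(key, val)
```

To run it on real exports, pass the contents of the two export files to `compare` in place of the samples.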