save info field from "screen" to a file

asked 2020-05-21 16:11:57 +0000

Russ
1 ●1

How do you save the info field to a text file for every packet that was filtered by the capture filter.

edit retag flag offensive close merge delete

Comments

Filtered by a Display Filter?
Export Packet Dissections
If on Windows verify that you're on latest 3.2.4 release.

Chuckc ( 2020-05-21 16:23:59 +0000 )edit

add a comment

2 Answers

Sort by » oldest newest most voted

answered 2020-05-21 17:16:41 +0000

cmaynard

11115 ●11 ●317 ●165 https://www.igt.com/

If you mean "Info Column", and that's the only column you want, you can achieve this with tshark:

Method 1: Specify the column format explicitly:

*nix: tshark -r file.pcap -o 'gui.column.format:"Info","%i"' > info.txt
Windows: tshark -r file.pcap -o "gui.column.format:\"Info\",\"%i\"'" > info.txt

Run tshark -G column-formats for a list of "built-in" column formats. If a field isn't listed, then you can always use the "Some Field","%Cus:someproto.somefield" method for adding so-called custom columns.

Method 1: Specify the fields you want: tshark -r file.pcap -T fields -e _ws.col.Info > info.txt

Of course you can also achieve this with Wireshark as well, but if you use File -> Export Packet Dissections -> As Plain Text... without preparing the column layout first, then you'll be exporting all columns, and not just the Info column.