save info field from "screen" to a file
How do you save the info field to a text file for every packet that was filtered by the capture filter.
How do you save the info field to a text file for every packet that was filtered by the capture filter.
If you mean "Info Column", and that's the only column you want, you can achieve this with tshark:
Method 1: Specify the column format explicitly:
*nix: tshark -r file.pcap -o 'gui.column.format:"Info","%i"' > info.txt
Windows: tshark -r file.pcap -o "gui.column.format:\"Info\",\"%i\"'" > info.txt
Run tshark -G column-formats for a list of "built-in" column formats. If a field isn't listed, then you can always use the "Some Field","%Cus:someproto.somefield" method for adding so-called custom columns.
Method 1: Specify the fields you want: tshark -r file.pcap -T fields -e _ws.col.Info > info.txt
Of course you can also achieve this with Wireshark as well, but if you use File -> Export Packet Dissections -> As Plain Text... without preparing the column layout first, then you'll be exporting all columns, and not just the Info column.
Use File / Export Packet Dissections / As Plain Text / Clear Packet Details checkbox
Asked: May 21 '0
Seen: 812 times
Last updated: May 21 '20
Filtered by a Display Filter?
Export Packet Dissections
If on Windows verify that you're on latest 3.2.4 release.