Single line JSON output for tshark

2020-08-03

For those of us who do (or would like to do) processing on ongoing streams of traffic from tshark it would be AMAZING if tshark had an option which would output a json dictionary of fields and values, 1 packet per line. Similar to the EK format, however with regular tshark field names. Maybe call it json_line or something. You would make SO many people very very happy :)

2020-08-03

Guy Harris

That's not a question. :-)

Requests for new features are best made on the Wireshark Bugzilla, where they can be more easily 1) found (by querying for enhancements) and 2) tracked through the development process (commits can have "Bug: {bug number}" lines in the commit message to tie them to the bug/enhancement request, and the request can be closed once the feature is implemented).

Excellent, thank you! I will move my request there :)

bmoresecure

Asked: 2020-08-03

Last updated: Aug 03