Single line JSON output for tshark

For those of us who do (or would like to do) processing on ongoing streams of traffic from tshark it would be AMAZING if tshark had an option which would output a json dictionary of fields and values, 1 packet per line. Similar to the EK format, however with regular tshark field names. Maybe call it json_line or something. You would make SO many people very very happy :)

answered Aug 3 '0

Guy Harris
19905 ●3 ●667 ●207

That's not a question. :-)

Requests for new features are best made on the Wireshark Bugzilla, where they can be more easily 1) found (by querying for enhancements) and 2) tracked through the development process (commits can have "Bug: {bug number}" lines in the commit message to tie them to the bug/enhancement request, and the request can be closed once the feature is implemented).

link

Comments

Excellent, thank you! I will move my request there :)

bmoresecure ( Aug 3 '0 )

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Single line JSON output for tshark

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Single line JSON output for tshark savecancel

1 Answer

Comments