make wireshark.exe return json via cmd

asked 2021-01-04 09:17:11 +0000

learningnew gravatar image

Hi, is there a way to use wireshark.exe that will return a json without using tshark? I mean to give it a pcap and get a json back but only with wireshark.exe without using the GUI, only cmd command. Thanks

answered 2021-01-04 12:28:19 +0000

grahamb gravatar image

No. The entire purpose of tshark is to return dissection products in some textual form so why not use it?

Because tshark crashes with a specific dll dissector when wireshark gui does not

learningnew gravatar imagelearningnew ( 2021-01-04 12:30:55 +0000 )edit

tshark shouldn't crash. Please raise an issue at the Wireshark GitLab issue tracker attaching the capture file if at all possible.

grahamb gravatar imagegrahamb ( 2021-01-04 20:56:53 +0000 )edit

I'd rather know what that 'specific dll dissector' is. Not really interested in hunting down issues in closed source additions.

Jaap gravatar imageJaap ( 2021-01-04 21:42:28 +0000 )edit

Could be in one of the distributed plugins.

grahamb gravatar imagegrahamb ( 2021-01-04 22:33:51 +0000 )edit

Asked: 2021-01-04 09:17:11 +0000

Seen: 27 times

Last updated: Jan 04