Ask Your Question
0

How to find protocol from display fields

asked 2021-03-14 10:33:45 +0000

emahdij gravatar image

Hi I'm sending tshark json to elk stack to analyze packets. I'm searching for a field that shows me the protocol of flow like FTP. I appreciate any help

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-03-14 15:09:30 +0000

Chuckc gravatar image

updated 2021-03-14 15:10:06 +0000

You could parse it out of frame.protocols or specify a list of fields with -e options including _ws.col.Protocol.
If you search for _ws.col.Protocol here on the Q&A site there are examples.
tshark man page

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2021-03-14 10:33:45 +0000

Seen: 374 times

Last updated: Mar 14 '21

Related questions

Deduplication in tshark -T ek [closed]

filtering out protocol, sequence number, and ack using tshark

Using tshark filters to extract only interesting traffic from 12GB trace

Any way to use cmd tshark for a gns3 wire?

authority RRs tshark

can I install only tshark?

How do I change the interface on Tshark?

Tshark TCP stream assembly

Tshark output file problem, saving to csv or txt

How to convert Pcapng file to pcap file by Tshark