Ask Your Question
0

How to find protocol from display fields

asked 2021-03-14 10:33:45 +0000

emahdij gravatar image

Hi I'm sending tshark json to elk stack to analyze packets. I'm searching for a field that shows me the protocol of flow like FTP. I appreciate any help

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-03-14 15:09:30 +0000

Chuckc gravatar image

updated 2021-03-14 15:10:06 +0000

You could parse it out of frame.protocols or specify a list of fields with -e options including _ws.col.Protocol.
If you search for _ws.col.Protocol here on the Q&A site there are examples.
tshark man page

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2021-03-14 10:33:45 +0000

Seen: 272 times

Last updated: Mar 14 '21

Related questions

Deduplication in tshark -T ek [closed]

filtering out protocol, sequence number, and ack using tshark

Using tshark filters to extract only interesting traffic from 12GB trace

Any way to use cmd tshark for a gns3 wire?

authority RRs tshark

can I install only tshark?

How do I change the interface on Tshark?

Tshark TCP stream assembly

Tshark output file problem, saving to csv or txt

How to convert Pcapng file to pcap file by Tshark

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2