Ask Your Question

tshark -T ek or JSON

asked 2021-04-11 12:59:12 +0000

ccncore gravatar image

I am trying to run tshark -T ek or -T json but the only options available are tshark: Invalid -T parameter. It must be "ps", "text", "pdml", "psml" or "fields". I am sure iI am doing something wrong - any ideas appreciated.

edit retag flag offensive close merge delete


Add output of tshark -v which includes version and platform information.

Chuckc gravatar imageChuckc ( 2021-04-11 13:55:27 +0000 )edit


# tshark -v 
TShark 1.10.14 (Git Rev Unknown from unknown)
ccncore gravatar imageccncore ( 2021-04-12 18:35:37 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2021-04-12 18:39:35 +0000

Chuckc gravatar image

updated 2021-04-12 18:41:40 +0000

You will need to upgrade to a newer version of tshark:
Wireshark 2.2.0 Release Notes

The Qt UI, GTK+ UI, and TShark can now export packets as JSON. 
TShark can additionally export packets as Elasticsearch-compatible JSON.
edit flag offensive delete link more


Thanks Chuck much appreciated the only other thing I am stuck on is how to get that version into Centos 7

ccncore gravatar imageccncore ( 2021-04-12 18:55:23 +0000 )edit

It's not terrible to build from the source.
Definitely make sure to run tools/ to get all the dependencies.
Link to source

Chuckc gravatar imageChuckc ( 2021-04-12 19:11:51 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2021-04-11 12:59:12 +0000

Seen: 701 times

Last updated: Apr 12 '21