Ask Your Question
0

tshark Tek options not human readable

asked 2021-05-25 06:22:05 +0000

If tshark -T text is running in text mode, the output is legible. 14 2018/110 17:30:21.384732 172.22.12.76 → 172.22.10.76 KNXnet/IP 63 TunnelReq #07:38 L_Data.req 0.0.0->1/0/0 GroupValueWrite $00

If tshark -Tek is running in addition mode, the output is not legible. "cemi.da": "0x00000801",

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2021-05-25 06:30:13 +0000

Guy Harris gravatar image

updated 2021-05-25 07:26:53 +0000

grahamb gravatar image

Yes, it's supposed to be readable by Elasticsearch. As the TShark man page says:

T ek|fields|json|jsonraw|pdml|ps|psml|tabs|text
Set the format of the output when viewing decoded packet data. The options are one of:

ek Newline delimited JSON format for bulk import into Elasticsearch. ...

I.e., it was not designed, by the JSON/Elasticsearch people, for easy human readability, it was designed for easy readability by Elasticsearch. If that means that it's less human readable than intentionally human-readable text, that's life.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2021-05-25 06:22:05 +0000

Seen: 185 times

Last updated: May 25 '21