
Need to Store the Protocol Hierarchy, Endpoint statistics, Conversation statistics, and http statistics in Json format using Tshark

asked 2022-01-25 11:24:21 +0000

updated 2022-01-25 11:39:04 +0000


I am using Wireshark for capturing the packets and Tshark for analysis purposes. When I am trying to store the Protocol Hierarchy, Endpoint statistics, Conversation statistics, and HTTP statistics result in JSON format using Tshark, I am not getting the output as I expected it to be but just a text file which I do not want. Could someone please help me to find a way out for this? I have attached the output I am getting after using the command sudo tshark -n -q -r dump.pcap -z io,phs > fff.json

Protocol Hierarchy Statistics

eth                                      frames:138 bytes:14034
  arp                                    frames:2 bytes:84
  ip                                     frames:136 bytes:13950
    udp                                  frames:112 bytes:11813
      dns                                frames:10 bytes:1145
      nbns                               frames:72 bytes:6624
      llmnr                              frames:12 bytes:792
      ntp                                frames:2 bytes:180
      nbdgm                              frames:4 bytes:972
        smb                              frames:4 bytes:972
          mailslot                       frames:4 bytes:972
            browser                      frames:4 bytes:972
      ssdp                               frames:12 bytes:2100
    tcp                                  frames:20 bytes:1921
      http                               frames:2 bytes:384
        data-text-lines                  frames:1 bytes:233
    igmp                                 frames:4 bytes:216

1 Answer


answered 2022-01-25 15:08:06 +0000


The output of any of the -z options is formatted plain text; redirecting the output to a file with the extension .json won't make it into JSON.

You can either:

  1. Post-process the output using your language of choice.
  2. Create an enhancement request at the Wireshark GitLab Issues page.
  3. Make the required modifications to tshark yourself, or pay someone to do it. Not trivial.
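Option 1 in the answer above (post-processing), as an added example that is not part of the original answer or of tshark: a Python parser that turns the `-z io,phs` text into nested JSON. It assumes two spaces of indentation per protocol level, as in the output posted in the question; `parse_phs` and the trimmed sample are constructed for illustration.

```python
import json
import re

# Constructed sample: a trimmed copy of the `-z io,phs` output posted in the question.
SAMPLE = """\
Protocol Hierarchy Statistics

eth                                      frames:138 bytes:14034
  arp                                    frames:2 bytes:84
  ip                                     frames:136 bytes:13950
    udp                                  frames:112 bytes:11813
      dns                                frames:10 bytes:1145
    tcp                                  frames:20 bytes:1921
      http                               frames:2 bytes:384
        data-text-lines                  frames:1 bytes:233
    igmp                                 frames:4 bytes:216
"""

# One tree row: indentation (assumed 2 spaces per level), protocol, frame and byte counters.
ROW = re.compile(r"^(?P<indent> *)(?P<proto>\S+)\s+frames:(?P<frames>\d+)\s+bytes:(?P<bytes>\d+)\s*$")


def parse_phs(text):
    """Turn tshark's plain-text protocol hierarchy into a nested list of dicts."""
    roots = []
    stack = []  # stack[i] is the most recent node seen at depth i
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # skip the banner, separator and blank lines
        depth = len(m["indent"]) // 2
        node = {"protocol": m["proto"], "frames": int(m["frames"]),
                "bytes": int(m["bytes"]), "children": []}
        if depth > len(stack):
            raise ValueError(f"indentation jumps a level at: {line!r}")
        del stack[depth:]  # discard nodes at this depth or deeper; parent is stack[-1]
        (stack[-1]["children"] if stack else roots).append(node)
        stack.append(node)
    return roots


if __name__ == "__main__":
    print(json.dumps(parse_phs(SAMPLE), indent=2))
```

To use it on a real capture, pass the text produced by `tshark -n -q -r dump.pcap -z io,phs` to `parse_phs` instead of `SAMPLE`.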
