How can I filter out specific packets.

asked 2022-09-22 08:02:21 +0000

CJ gravatar image

Hi, I am new here and beginner on Wireshark/tshark. I am currently using tshark as I don't need the GUI. I am trying to filter out these specific features>>

'IPV4_SRC_ADDR', 'L4_SRC_PORT', 'IPV4_DST_ADDR', 'L4_DST_PORT', 'PROTOCOL', 'L7_PROTO', 'IN_BYTES', 'OUT_BYTES', 'IN_PKTS', 'OUT_PKTS', 'TCP_FLAGS', 'FLOW_DURATION_MILLISECONDS'

So, I am kind of using the command tshark -i Ethernet -w pac.pcapng -Tfields -e frame.number -e frame.time -e ip.src -e ip.dst -e ip.proto -e tcp.flags -E header=y -E separator=\t -E quote=d -E occurrence=a But still so many features are missed out so how can i get all the features that I want.

edit retag flag offensive close merge delete