export from one field of packets

asked 2023-02-27 13:13:55 +0000

Hello Sorry, my English is not good I wanted to know if there is a way to output only a specific field of a large number of packets in a file format?

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2023-02-27 14:03:55 +0000

Chuckc
2873 ●6 ●571 ●20

tshark is good for exporting fields:

~$ tshark -r ./output.pcap -T fields -e frame.number -e tcp.flags.str -Y tcp.flags.str
50      ·······A···F
51      ·······AP···
52      ·······AP···
53      ·······A····
...

Adding the -Y option with the field name prevents printing blank lines for frames that don't include the field.

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-02-27 13:13:55 +0000

Seen: 136 times

Last updated: Feb 27 '23

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.

export from one field of packets edit

1 Answer