How do I write a filter in tshark to get only the data I need?
I would like to capture the database name, userid and password into a JSON file. I would like to get the following output:
In the above image: DB01 is the database name, dbpw is the password and db2inst1 is the userid.
In tshark I have written the command below:
tshark.exe -i 6 -f "tcp dst port 60127" -Y "drda.param.codepoint == 0x11a1" -T json -e "drda.param.codepoint" -e "drda.param.data.ebcdic" > c:\temp\wireshark.json
At the same time I captured traffic in Wireshark 4.0.4 just to get the same data graphically, because it is easier to imagine which data are captured.
Image below:
- left side (Wireshark)
- right side (tshark)
The problem is that I get too much data.
How do I write a display filter in tshark to get only the data I want (first image in this post)?
Thanks