Ask Your Question
0

Tshark - why is the -S argument (for line-separator) in my tshark command not working for me?

asked 2018-09-01 10:04:06 +0000

Jason gravatar image

I took a small capture usning Wireshark for an example, and stored it into a .pcapng file. Then I used the following tshark command to extract the ip.dst field from each packet, and output it into a .csv file.

tshark    -r example.pcapng     -T fields     -e ip.dst     -S @    -E separator=/t    -E quote=n    -E header=y    > output.csv

From the help of tshark,

-S <separator> the line separator to print between packets

But still the output of it is the following, in which no @ character is printed. So my question is that what am I missing or doing wrong here, and how can I fix it?

Output of above command in csv file:

ip.dst
396.53.307.904
973.63.953.300
993.93.3.909
993.93.3.909


973.63.953.300
993.93.3.909
3.3.3.3
3.3.3.3
993.93.3.909
993.93.3.909
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-09-01 13:00:00 +0000

Pascal Quantin gravatar image

Hi Jason, for now this option is only applicable to the text output, when printing packets details (-V option), or when printing the hex output.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-09-01 10:04:06 +0000

Seen: 867 times

Last updated: Sep 01 '18