Export to text with tshark

asked May 21 '19

tantal
3 ●1 ●2

updated May 21 '19

Hi guys, how can I export with tshark to text with all the Packet details expanded?

Prtscr of how I do it in Wireshark. http://ibb.co/k2Qp00q

Comments

It looks like tshark can't read the disection:
Unknown - aborting dissection Extraneous Data

GSM A-I/F DTAP - Identity Response Protocol Discriminator: Mobility Management messages .... 0101 = Protocol discriminator: Mobility Management messages (0x05) 0000 .... = Skip Indicator: 0 10.. .... = Sequence number: 2 ..01 1001 = DTAP Mobility Management Message Type: Identity Response (0x19) Unknown - aborting dissection Extraneous Data

tantal ( May 22 '19 )

Arrrrrgh, after upgrade the tshark output is identitcal.

tantal ( May 22 '19 )

add a comment

2 Answers

Sort by » oldest newest most voted

answered May 21 '19

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23850 ●4 ●988 ●227 https://www.wireshark.org

From the tshark Man Page (and as output by tshark -h):

-V Cause TShark to print a view of the packet details.

There's quite a bit more about controlling output in the Man page.

link

Comments

-V is not as detailed as export from wireshark. I read the MAN, but just cant find an answer.

tantal ( May 21 '19 )

Arrrrrgh, after upgrade the tshark output is identitcal.

tantal ( May 22 '19 )

Note that you will probably need to add two-pass processing, -2, to tshark to get absolutely identical output as Wireshark always does two-pass, but it's an extra option for tshark.