Extract Information from Wireshark

Hi community!

Our project aims to analyze the pcap file based on the dissection data we get from Wireshark.

I would like to know if there is any interface I can use directly to extract the information provided by Wireshark, such as source address, destination address, and any other protocol-specific information.

I know a Lua script can get the dissection data easily, with the "Field" object. For example, to get the source address of an IPv4 data frame, use Field.new("ip.src"). But it is not a generic solution. It becomes cumbersome when we want to support many protocols.

So, is there any function to get information like the protocol name or the data for a certain field? Or is there any command in TShark?

I hope I addressed my problem clearly and thanks for taking time to read my question!

Kind Regards