This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

windows 7 problem tshark

0

Hi

I had the current version of Wireshark1.10.2 on my laptop (Mac Os) and desktop (windows 7) I tried this script in terminal and it is working on Mac Os, but whenever I try it in Windows 7 command terminal, I get this error:

tshark: Invalid -o flag "column.format:'No.,%m,"

Why it is working in Mac os but not in windows !!!!!

Please Help me :)

tshark -Y "ip" -o column.format:'"No.","%m", "full time", "%Yt","src ip", "%us","des ip","%ud", "lenght", "%L","transfered byte", "%B","protocol","%p","srcmac","%uhs","destmac","%uhd","sourceport", "%uS", "destport", "%uD", "Info", "%i"' -r test.pcap >test.txt

tshark: Invalid -o flag "column.format:'No.,%m,"

Thanks in advance

asked 17 Jan '14, 11:46

Payam365's gravatar image

Payam365
21225
accept rate: 0%


One Answer:

0

The problem is quoting. You need to escape all the quotes using \" except for the outermost quotes. The development version of tshark adds a -G column-formats option that, besides listing all available column formats, provides the following example at the end of the output:

For example, to print Wireshark's default columns with tshark:

tshark.exe -o "gui.column.format:\"No.\",\"%m\",\"Time\",\"%t\",\"Source\",\"%s\",\"Destination\",\"%d\",\"Protocol\",\"%p\",\"Length\",\"%L\",\"Info\",\"%i\""

answered 17 Jan '14, 12:07

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%