This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Get Data same as Wireshark using Tshark

0
tshark.exe -i 1 -P -V -S "End of Packet" -x

This gives all the required data of the packet, the packet details as well as the packet bytes.

But how can I split the Frames, Ethernet, IP Version, TCP, etc.?

I tried using:

-E<fieldsoption>=<value> set options for output when -Tfields selected:
 header=y|n            switch headers on and off
 separator=/t|/s|<char> select tab, space, printable character as separator
 occurrence=f|l|a      print first, last or all occurrences of each field
 aggregator=,|/s|<char> select comma, space, printable character as
                       aggregator

Thanks in advance

asked 19 Nov '14, 01:59


erarijit
21459
accept rate: 0%


One Answer:

0

You must add a -T fields parameter to use -E and -e. What did you try?

answered 19 Nov '14, 02:15


grahamb ♦
19.8k330206
accept rate: 22%

edited 19 Nov '14, 02:25

No, I didn't add -T fields.

Can you show me an example if you have one?

(19 Nov '14, 02:19) erarijit

I've corrected my answer a bit. Use -T fields to switch to fields mode, use -E to set field options such as separator and quotes and then use multiple -e fieldname parameters to specify the fields.

There are examples of the parameters in the tshark man page, and Google and this site should show you lots more.

(19 Nov '14, 02:30) grahamb ♦
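
An added example, not part of the original thread: it builds the `-T fields` / `-E` / `-e` command line described in the answer and splits the resulting tab-separated output into per-layer groups (frame, eth, ip, tcp). The field selection, the function names and the sample output are assumptions constructed for illustration; the field names themselves are standard Wireshark display-filter fields.

```python
# Fields to extract; this particular selection is the example's own choice.
FIELDS = ["frame.number", "frame.len", "eth.src", "eth.dst",
          "ip.version", "ip.src", "ip.dst", "tcp.srcport", "tcp.dstport"]


def tshark_args(interface="1"):
    """Command line for fields mode: -T fields, -E options, one -e per field."""
    args = ["tshark", "-i", interface, "-T", "fields",
            "-E", "header=y", "-E", "separator=/t", "-E", "occurrence=f"]
    for name in FIELDS:
        args += ["-e", name]
    return args  # for a live capture, add e.g. "-c", "10" so tshark stops


def split_by_layer(output):
    """Group each packet's columns by protocol prefix (frame, eth, ip, tcp)."""
    lines = [ln for ln in output.splitlines() if ln]
    header = lines[0].split("\t")          # printed because of header=y
    packets = []
    for line in lines[1:]:
        row = line.split("\t")
        row += [""] * (len(header) - len(row))   # pad if trailing fields are cut
        layers = {}
        for name, value in zip(header, row):
            if value == "":                # field absent in this packet
                continue
            layer, _, field = name.partition(".")
            layers.setdefault(layer, {})[field] = value
        packets.append(layers)
    return packets


# Constructed sample output: one TCP packet and one ARP packet (no ip/tcp fields).
SAMPLE = "\n".join("\t".join(r) for r in [
    FIELDS,
    ["1", "66", "00:11:22:33:44:55", "66:77:88:99:aa:bb",
     "4", "192.0.2.10", "198.51.100.7", "49152", "443"],
    ["2", "42", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff", "", "", "", "", ""],
]) + "\n"

if __name__ == "__main__":
    print(" ".join(tshark_args()))
    for pkt in split_by_layer(SAMPLE):
        print(pkt)
```

To parse a real capture, run the list from `tshark_args()` with `subprocess.run(..., capture_output=True, text=True)` and pass its `stdout` to `split_by_layer`.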