Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Tshark - why is the -S argument (for line-separator) in my tshark command not working for me?

I took a small capture usning Wireshark for an example, and stored it into a .pcapng file. Then I used the following tshark command to extract the ip.dst field from each packet, and output it into a .csv file.

tshark    -r example.pcapng     -T fields     -e ip.dst     -S @    -E separator=/t    -E quote=n    -E header=y    > output.csv

From the help of tshark,

-S <separator> the line separator to print between packets

But still the output of it is the following, in which no @ character is printed. So my question is that what am I missing or doing wrong here, and how can I fix it?

Output of above command in csv file:

ip.dst
396.53.307.904
973.63.953.300
993.93.3.909
993.93.3.909


973.63.953.300
993.93.3.909
3.3.3.3
3.3.3.3
993.93.3.909
993.93.3.909