I've tried "c:\Program Files\Wireshark\tshark.exe" -r capture-file.pcap -Y sip -T fields -e raw_sip
, the output is a wall of lines containing a literal raw_sip
. If I add -e sip.Call-ID
, I get the Call-ID values in front of the raw_sip
.
I understand that raw_sip is a multi-line text, but is there a way I haven't discovered to get the values printed by tshark or should I file a bug?