This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Tshark Command Line

0

Hello,

Can anyone can help me with a command line in Tshark that will provide me the same information as if I go to Wireshark > Statistics > Conversations > TCP Tab with NO Name Resolution?

I need to write lots of appcapture files in text with this specific format. I'm trying to write a BAT file that will convert hundreds of files at once.

This is what I have so far:

tshark -nn -r INPUT_FILE.appcapture -T fields -E separator=; -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport >OUTPUT_FILE.txt

Thanks in advance,

Andre B. Bueno.

asked 26 Aug '11, 10:51

AndreBueno's gravatar image

AndreBueno
1111
accept rate: 0%

edited 26 Aug '11, 13:59

helloworld's gravatar image

helloworld
3.1k42041

One Answer:

1

How about: tshark -r INPUT_FILE -z conv,tcp -q -n

That returns output like this:

================================================================================
TCP Conversations
Filter:<No Filter>
                                               |       <-      | |       ->      | |     Total     |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |
192.168.69.217:57900 <-> 192.168.69.240:9220       10       673       7       441      17      1114
192.168.69.217:57899 <-> 192.168.69.240:9220       10       673       7       441      17      1114
192.168.69.217:57898 <-> 192.168.69.240:9220       10       673       7       441      17      1114
192.168.69.217:57901 <-> 209.85.227.147:80          2       126       3      1556       5      1682
192.168.69.217:57854 <-> 209.85.227.147:80          1        60       2       108       3       168
================================================================================

answered 26 Aug '11, 13:15

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Hi Thanks for the answer...I need to get only TCP conversations but I need also this specific format:

Address A,Port A,Address B,Port B,Packets,Bytes,Packets A->B,Bytes A->B,Packets A<-B,Bytes A<-B,Rel Start,Duration,bps A->B,bps A<-B.

any thoughts?

(26 Aug '11, 15:31) AndreBueno