THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 3
André's avatar
176
André
updated 2021-09-21 20:25:23 +0000

You can use tshark to do this. For example:

tshark -r test.pcap -Y 'cbsp or sabp or sbcap' -O cbsp,sabp,sbcap -T json

Options: -r to read the file, -Y for display filter, -O output only listed protocol, -T (optional) select output format.
See documentation at: https://www.wireshark.org/docs/man-pages/tshark.html

You can redirect the output to a file or run tshark as a sub-process in your application and process its output directly.

Revision 2
André's avatar
176
André
updated 2021-09-21 20:23:57 +0000

You can use tshark to do this. For example:

tshark -r test.pcap -Y 'cbsp or sabp or sbcap' -O cbsp,sabp,sbcap -T json

Options: Options -r to read the file, -Y for display filter, -O output only listed protocol, -T (optional) select output format.
See documentation at: https://www.wireshark.org/docs/man-pages/tshark.html

You can redirect the output to a file or run tshark as a sub-process in your application and process its output directly.

Revision 1
André's avatar
176
André
answered 2021-09-21 20:18:25 +0000

You can use tshark to do this. For example:

tshark -r test.pcap 'cbsp or sabp or sbcap' -Y sbcap -O cbsp,sabp,sbcap sbcap -T json

Options -r to read the file, -Y for display filter, filter (cbsp, sabp or sbcap), -O output only listed protocol, -T (optional) select output format.
See documentation at: https://www.wireshark.org/docs/man-pages/tshark.html

You can redirect the output to a file or run tshark as a sub-process in your application and process its output directly.