Command line tshark JSON and Packet details all expanded

tshark
commandline
retag add tags

Hi there,

I would like to convert PCAP files to JSON using the tshark command line and they must have Packet details: All expanded using the command line without the pack summary line option selected.

So summary(using the command line save PCAP as): - Export to JSON - Packet details: All expanded - Packet summary line: unticked

Is there anyway to do that?

Thanks for your help!!!

BAW331

asked 2019-11-06 15:53:35 +0000

edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

2 Answers

Sort by

oldest

newest

most voted

Have you tried:

tshark -r "filename" -T json

Chuckc

answered 2019-11-06 16:17:51 +0000, updated 2019-11-06 16:22:37 +0000

edit flag offensive 0 remove flag delete link

Comments

https://www.wireshark.org/docs/man-pa... json JSON file format. It can be used with -j or -J including the JSON filter or with -x option to include raw hex-encoded packet data. Example of usage:

  tshark -T json -r file.pcap
  tshark -T json -j "http tcp ip" -x -r file.pcap

Chuckc (2019-11-06 16:22:01 +0000) edit

add a comment see more comments

$MyJson = .\tshark.exe -i 2 -T json -Y "ssl.handshake.certificate" -V -a duration:10|ConvertFrom-Json $MyJson[0].'_source'.layers

$MyJson[0].'_source'.layers.ssl.'ssl.record'.'ssl.handshake'

KirtCaron

answered 2020-04-23 20:02:07 +0000

edit flag offensive 0 remove flag delete link

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer

Command line tshark JSON and Packet details all expanded edit

Comments

2 Answers

Comments

Comments