Extraction of field names using tshark

I have very different types of pcap files and want to extract the field names from those files, e.g. eth.dst, sctp.srcport, in one go using tshark. I tried to find a magic command for that, but could not find it.

In the end I want to convert the pcap file into a CSV file, but first I need a list of which fields there are... and looking at them the "normal" way in Wireshark is not an option in the use case I have in mind.

Sand
asked 2020-03-27 15:31:05 +0000

2 Answers

If working on Linux (or Windows with WSL):
tshark -r <filename> -T pdml | grep "field name" | sed -e "s/^.*field name=\"//" | sed -e "s/\".*$//" | sort | uniq

Chuckc
answered 2020-03-27 15:53:12 +0000, updated 2020-03-27 15:53:30 +0000

Comments

Thanks, the WSL trick is not really helping, as basically I would force the user of the Python script to install WSL and also to install and run the Python stuff there... which basically means that the script will not be used. The classical Wireshark export to CSV skips many details and I want those... so I thought of tshark... but there one needs to know all the field names and cannot just say "all" (at least not that I figured out).

Sand (2020-04-01 07:38:51 +0000)

If it can be done with PowerShell, would that be acceptable?

Chuckc (2020-04-01 13:36:20 +0000)

Thanks. It can be both Linux or Windows, since I will integrate it into a Python script for both possibilities. I will check both approaches.

Sand
answered 2020-03-27 15:58:23 +0000
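
The PDML approach from the first answer can be done without grep and sed, so the same script runs on Windows and Linux. The following is an added example, not code posted in this thread; the function names and the sample PDML are constructed for illustration, and tshark is assumed to be on PATH.

```python
import io
import subprocess
import xml.etree.ElementTree as ET

# Constructed PDML sample (not real tshark output), trimmed to the parts used here.
SAMPLE_PDML = b"""<?xml version="1.0"?>
<pdml>
<packet><proto name="eth">
  <field name="eth.dst" show="00:11:22:33:44:55"/>
  <field name="eth.src" show="66:77:88:99:aa:bb"/>
</proto><proto name="sctp">
  <field name="sctp.srcport" show="2905"/>
  <field name="" show="DATA chunk">
    <field name="sctp.chunk_type" show="0"/>
  </field>
</proto></packet>
<packet><proto name="eth">
  <field name="eth.dst" show="00:11:22:33:44:55"/>
</proto></packet>
</pdml>"""

def field_names(pdml_stream):
    """Return the sorted, de-duplicated field names found in a PDML byte stream."""
    names = set()
    # iterparse reads incrementally, so a large capture is not loaded at once.
    for _event, elem in ET.iterparse(pdml_stream, events=("end",)):
        if elem.tag == "field" and elem.get("name"):  # skip unnamed text items
            names.add(elem.get("name"))
        elif elem.tag == "packet":
            elem.clear()  # drop the finished packet's subtree
    return sorted(names)

def fields_in_capture(pcap_path, tshark="tshark"):
    """Run `tshark -r <file> -T pdml` and collect the field names it emits."""
    # argv list without a shell: works on Windows and Linux, no quoting issues.
    proc = subprocess.Popen([tshark, "-r", pcap_path, "-T", "pdml"],
                            stdout=subprocess.PIPE)
    with proc:
        return field_names(proc.stdout)

def csv_command(pcap_path, fields, tshark="tshark"):
    """Build the tshark argv that exports the given fields as CSV with a header row."""
    argv = [tshark, "-r", pcap_path, "-T", "fields",
            "-E", "header=y", "-E", "separator=,", "-E", "quote=d"]
    for name in fields:
        argv += ["-e", name]
    return argv

if __name__ == "__main__":
    print(field_names(io.BytesIO(SAMPLE_PDML)))
```

Passing the result of `fields_in_capture()` to `csv_command()` gives an argv list that can be handed to `subprocess.run` to write the CSV.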