save info field from "screen" to a file
How do you save the info field to a text file for every packet that was filtered by the capture filter.
2 Answers
- Sort by
oldest newest most voted
0
Use File / Export Packet Dissections / As Plain Text / Clear Packet Details checkbox
0
If you mean "Info Column", and that's the only column you want, you can achieve this with tshark:
Method 1: Specify the column format explicitly:
*nix: tshark -r file.pcap -o 'gui.column.format:"Info","%i"' > info.txt
Windows: tshark -r file.pcap -o "gui.column.format:\"Info\",\"%i\"'" > info.txt
Run tshark -G column-formats for a list of "built-in" column formats. If a field isn't listed, then you can always use the "Some Field","%Cus:someproto.somefield" method for adding so-called custom columns.
Method 1: Specify the fields you want: tshark -r file.pcap -T fields -e _ws.col.Info > info.txt
Of course you can also achieve this with Wireshark as well, but if you use File -> Export Packet Dissections -> As Plain Text... without preparing the column layout first, then you'll be exporting all columns, and not just the Info column.
Your Answer
Please start posting anonymously - your entry will be published after you log in or create a new account.
This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.
Comments
Filtered by a Display Filter?
Export Packet Dissections
If on Windows verify that you're on latest 3.2.4 release.