how to use tshark to show all srcport and dstport?

edit

What's wrong with it that it needs to be fixed? It has more than just the TCP source and destination ports, but that's what you told TShark to do.

Do you mean you also want UDP source and destination ports, for example?

i want tcpport and udp port....

You could add columns for Src port (unresolved) and Dest port (unresolved) to the profile (looks like Default profile is used - no "-C" option).

Then reference them as _ws.col fields (using column title) in tshark:

$ tshark -r ./ultpcap2.pcapng -T fields -e _ws.col.No\. -e _ws.col.Protocol -e _ws.col.srcport -e _ws.col.dstport | grep -i tcp | head -2
1       TCP     1152    80
2       TCP     80      1152

$ tshark -r ./ultpcap2.pcapng -T fields -e _ws.col.No\. -e _ws.col.Protocol -e _ws.col.srcport -e _ws.col.dstport | grep -i udp | head -2
845     UDP     64199   1967
846     UDP     64091   1967


$ tshark -r ./ultpcap2.pcapng -T fields -e _ws.col.No\. -e _ws.col.Protocol -e _ws.col.srcport -e _ws.col.dstport | grep -i dns | head -2
64      DNS     56606   53
65      DNS     53      56606

Or you could override the column settings on the command line:

tshark -o gui.column.format:"SP,%uS,DP,%uD" -r {capture file} -T fields -e frame.time -e ip.src -e ip.dst -e ip.proto -e _ws.col.SP -e _ws.col.DP -E header=n -E separator=, -E quote=n -E occurrence=f

The -o gui.column.format parameter sets TShark up to have two columns - a column with the title "SP", containing the unresolved source port, and a column with the title "DP", containing the unresolved destination port. That won't change your profile, it'll just change the columns for that particular instance of TShark.

If you just want source and destination ports, why not use the statistics feature?

tshark -r $file -nq -z endpoints,tcp -z endpoints,udp

or

tshark -r $file -nq -z conv,tcp -z conv,udp