
How to find protocol from display fields

Hi, I'm sending tshark JSON to the ELK stack to analyze packets. I'm searching for a field that shows me the protocol of a flow, like FTP. I appreciate any help.

emahdij
asked 2021-03-14 10:33:45 +0000

1 Answer


You could parse it out of frame.protocols or specify a list of fields with -e options including _ws.col.Protocol.
If you search for _ws.col.Protocol here on the Q&A site there are examples.
tshark man page

Chuckc
answered 2021-03-14 15:09:30 +0000, updated 2021-03-14 15:10:06 +0000
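An added example, not part of the answer above: one way to derive a single protocol value per packet from `tshark -T json` output before indexing it, preferring `_ws.col.Protocol` when it was exported with `-e` and otherwise parsing `frame.protocols`. The sample records are constructed, and the `protocol_of` helper and the `GENERIC` skip list are assumptions made for illustration.

```python
import json

# Constructed records in the shape of `tshark -T json` output (not a real capture).
# Record 0 and 2: full dissection, frame.protocols is a string under "frame".
# Record 1: exported with -e frame.protocols -e _ws.col.Protocol, values are lists.
# Record 3: no usable field at all.
SAMPLE = json.loads("""
[
 {"_source": {"layers": {"frame": {"frame.protocols": "eth:ethertype:ip:tcp:ftp"}}}},
 {"_source": {"layers": {
     "frame.protocols": ["eth:ethertype:ip:tcp:ftp-data:data-text-lines"],
     "_ws.col.Protocol": ["FTP-DATA"]}}},
 {"_source": {"layers": {"frame": {"frame.protocols": "eth:ethertype:ip:tcp:data"}}}},
 {"_source": {"layers": {"eth": {}}}}
]
""")

# Trailing entries that describe payload rendering rather than a protocol.
# Assumed list for this example; extend it for your own traffic.
GENERIC = {"data", "data-text-lines", "media"}


def first(value):
    """Fields selected with -e arrive as lists; full dissections give strings."""
    if isinstance(value, list):
        return value[0] if value else None
    return value


def protocol_of(packet):
    """Return the protocol name for one packet record, or None if unknown."""
    layers = packet.get("_source", {}).get("layers", {})
    col = first(layers.get("_ws.col.Protocol"))
    if col:
        return col  # the Protocol column as tshark rendered it
    frame = layers.get("frame")
    nested = frame.get("frame.protocols") if isinstance(frame, dict) else None
    stack = first(layers.get("frame.protocols")) or first(nested)
    if not stack:
        return None
    names = [p for p in stack.split(":") if p]
    # Drop payload pseudo-layers so "…:tcp:data" reports TCP, not DATA.
    while len(names) > 1 and names[-1] in GENERIC:
        names.pop()
    return names[-1].upper()


if __name__ == "__main__":
    for pkt in SAMPLE:
        print(protocol_of(pkt))
```
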