tshark -T ek or JSON

I am trying to run tshark -T ek or -T json, but the only output I get is "tshark: Invalid -T parameter. It must be "ps", "text", "pdml", "psml" or "fields"." I am sure I am doing something wrong - any ideas appreciated.

ccncore
asked 2021-04-11 12:59:12 +0000

Comments

Add output of tshark -v which includes version and platform information.

Chuckc (2021-04-11 13:55:27 +0000)

output:

# tshark -v 
TShark 1.10.14 (Git Rev Unknown from unknown)
ccncore (2021-04-12 18:35:37 +0000)

1 Answer

You will need to upgrade to a newer version of tshark:
Wireshark 2.2.0 Release Notes

The Qt UI, GTK+ UI, and TShark can now export packets as JSON. 
TShark can additionally export packets as Elasticsearch-compatible JSON.
Chuckc
answered 2021-04-12 18:39:35 +0000, updated 2021-04-12 18:41:40 +0000

Comments

Thanks Chuck, much appreciated. The only other thing I am stuck on is how to get that version onto CentOS 7.

ccncore (2021-04-12 18:55:23 +0000)

It's not terrible to build from the source.
Definitely make sure to run tools/rpm-setup.sh to get all the dependencies.
Link to source

Chuckc (2021-04-12 19:11:51 +0000)
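The version gate the answer describes, as an added example that is not part of the original question or answer and not Wireshark's own code: it parses the first line of `tshark -v` and only chooses `-T ek` when the build is 2.2.0 or newer, falling back to `-T pdml` (structured XML, one of the formats the 1.10.14 error message lists) otherwise. The `TShark 1.10.14 (...)` banner is the one quoted in the question; the `TShark (Wireshark) 3.6.2 (...)` banner is a constructed sample of the newer banner layout. Function names, the minimum-version constant and the `capture.pcap` file name are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the original Q&A: decide whether the installed
# tshark can do `-T json` / `-T ek` (both need Wireshark 2.2.0 or newer) by
# parsing the first line of `tshark -v`, and fall back to `-T pdml` otherwise.
# The 1.10.14 banner is the one quoted in the question; the 3.6.2 banner is a
# constructed sample of the newer "TShark (Wireshark) x.y.z" banner layout.

MIN_JSON_VERSION="2.2.0"   # assumption for the example: first release with -T json/-T ek

# Print the dotted version from a `tshark -v` banner, or nothing if the text
# does not look like one. Handles both "TShark 1.10.14 (...)" and
# "TShark (Wireshark) 3.6.2 (...)".
tshark_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^TShark[^0-9]*\([0-9][0-9.]*\).*$/\1/p'
}

# version_ge HAVE WANT: succeed if HAVE >= WANT. Each dotted field is compared
# as a number, so 1.10.14 < 2.2.0 even though "1.10.14" > "2.2.0" as strings.
version_ge() {
    have="$1.0.0"   # pad so cut always finds three fields
    want="$2.0.0"
    i=1
    while [ "$i" -le 3 ]; do
        h=$(printf '%s' "$have" | cut -d. -f"$i")
        w=$(printf '%s' "$want" | cut -d. -f"$i")
        if [ "${h:-0}" -gt "${w:-0}" ]; then return 0; fi
        if [ "${h:-0}" -lt "${w:-0}" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# json_export_supported BANNER: print "yes VERSION", "no VERSION" or "unknown".
json_export_supported() {
    v=$(tshark_version_from_banner "$1")
    if [ -z "$v" ]; then
        printf 'unknown\n'
        return 2
    fi
    if version_ge "$v" "$MIN_JSON_VERSION"; then
        printf 'yes %s\n' "$v"
    else
        printf 'no %s\n' "$v"
    fi
}

# export_cmd BANNER PCAP: print the export command to run for that build:
# -T ek on a new enough tshark, -T pdml (XML, still structured) on an old one.
export_cmd() {
    case "$(json_export_supported "$1")" in
        yes*) printf 'tshark -r %s -T ek\n' "$2" ;;
        *)    printf 'tshark -r %s -T pdml\n' "$2" ;;
    esac
}

# Stand-alone usage. On a real host the banner comes from `tshark -v | head -n 1`.
OLD_BANNER='TShark 1.10.14 (Git Rev Unknown from unknown)'               # from the question
NEW_BANNER='TShark (Wireshark) 3.6.2 (Git v3.6.2 packaged as 3.6.2-2)'   # constructed sample
json_export_supported "$OLD_BANNER"      # no 1.10.14
json_export_supported "$NEW_BANNER"      # yes 3.6.2
export_cmd "$OLD_BANNER" capture.pcap    # tshark -r capture.pcap -T pdml
export_cmd "$NEW_BANNER" capture.pcap    # tshark -r capture.pcap -T ek
```

The field-by-field numeric compare matters here: a plain string comparison would rank 1.10.14 above 2.2.0 and wave the old build through, which is exactly the situation in the question.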
