First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

seprate packet lines in tshark

hi. i want to separate the line of each packet in tshark. for example

frame.number ip.src ip.dst

1 192.111.111.111 222.222.222.222

++++++++++++++++++++++++++++++

2 192.111.111.111 222.222.222.222

++++++++++++++++++++++++++++++

3 192.111.111.111 222.222.222.222

++++++++++++++++++++++++++++++

i use this command but not work.

tshark -r test.pcap -T fields -e frame.number -e ip.src -e ip.dst -S + -V >test.txt

updated 2018-03-26 19:33:16 +0000
This post is a wiki. Anyone with karma >750 is welcome to improve it.
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Tshark has no mechanism to do that.

If you're on a UN*X, so that you have the sed command available, you could try

tshark -r test.pcap -T fields -e frame.number -e ip.src -e ip.dst | sed "a\\
++++++++++++++++++++++++++++++
" >test.txt

Note that the command really is on 3 separate lines. The newline after the a\ command is required, as is the newline after the sequence of +'s.

Guy Harris's avatar
19.9k
Guy Harris
answered 2018-03-26 20:43:58 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer