
tshark Tek options not human readable


If tshark -T text is running in text mode, the output is legible.

    14 2018/110 17:30:21.384732 172.22.12.76 → 172.22.10.76 KNXnet/IP 63 TunnelReq #07:38 L_Data.req 0.0.0->1/0/0 GroupValueWrite $00

If tshark -Tek is running in addition mode, the output is not legible.

    "cemi.da": "0x00000801",

nullbyte
asked 2021-05-25 06:22:05 +0000


1 Answer


Yes, it's supposed to be readable by Elasticsearch. As the TShark man page says:

-T ek|fields|json|jsonraw|pdml|ps|psml|tabs|text
Set the format of the output when viewing decoded packet data. The options are one of:

ek Newline delimited JSON format for bulk import into Elasticsearch. ...

I.e., it was not designed, by the JSON/Elasticsearch people, for easy human readability, it was designed for easy readability by Elasticsearch. If that means that it's less human readable than intentionally human-readable text, that's life.

Guy Harris
answered 2021-05-25 06:30:13 +0000
grahamb
updated 2021-05-25 07:26:53 +0000
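
Added example (not part of the original answer and not Wireshark's own code): a small Python filter that turns the newline-delimited JSON written by tshark -T ek back into readable text, skipping the Elasticsearch bulk action lines and any truncated line. The sample lines are constructed; apart from "cemi.da", which appears in the question, the field names and values in them are assumptions.

```python
import json
import sys

# Constructed sample in the shape of `tshark -T ek` output: a bulk "index"
# action line, then one document line per packet. Field names are illustrative.
SAMPLE = [
    '{"index": {"_index": "packets-2021-05-25", "_type": "doc"}}',
    '{"timestamp": "1621923725384", "layers": {"ip": {"ip.src": "172.22.12.76",'
    ' "ip.dst": "172.22.10.76"}, "cemi": {"cemi.da": "0x00000801"}}}',
    '{"index": {"_index": "packets-2021-05-25", "_type": "doc"}}',
    '{"timestamp": "1621923725410", "layers": {"ip": {"ip.src": ["172.22.10.76"]}}}',
    '{"timestamp": "16219',  # truncated line, e.g. capture stopped mid-write
]


def flatten(node, prefix=""):
    """Yield (path, value) for every leaf under nested dicts and lists."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from flatten(child, f"{prefix}/{key}" if prefix else key)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from flatten(child, f"{prefix}[{i}]")
    else:
        yield prefix, node


def packets(lines):
    """Yield (timestamp, layers) per packet; skip action lines and bad JSON."""
    for line in lines:
        try:
            doc = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if isinstance(doc, dict) and "layers" in doc:
            yield doc.get("timestamp"), doc["layers"]


def render(lines):
    """Return one readable text block per packet."""
    blocks = []
    for ts, layers in packets(lines):
        rows = [f"  {path} = {value}" for path, value in flatten(layers)]
        blocks.append("\n".join([f"packet @ {ts}"] + rows))
    return blocks


if __name__ == "__main__":
    # Pipe real output in (tshark -T ek ... | python this.py) or run bare for the sample.
    print("\n\n".join(render(SAMPLE if sys.stdin.isatty() else sys.stdin)))
```
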
