Need to store the Protocol Hierarchy, Endpoint statistics, Conversation statistics, and HTTP statistics in JSON format using Tshark

I am using Wireshark for capturing the packets and Tshark for analysis purposes. When I am trying to store the Protocol Hierarchy, Endpoint statistics, Conversation statistics, and HTTP statistics results in JSON format using Tshark, I am not getting the output as I expected it to be, but just a text file, which I do not want. Could someone please help me find a way out of this? I have attached the output I am getting after using the command sudo tshark -n -q -r dump.pcap -z io,phs > fff.json

Protocol Hierarchy Statistics

Filter:

eth                                      frames:138 bytes:14034
  arp                                    frames:2 bytes:84
  ip                                     frames:136 bytes:13950
    udp                                  frames:112 bytes:11813
      dns                                frames:10 bytes:1145
      nbns                               frames:72 bytes:6624
      llmnr                              frames:12 bytes:792
      ntp                                frames:2 bytes:180
      nbdgm                              frames:4 bytes:972
        smb                              frames:4 bytes:972
          mailslot                       frames:4 bytes:972
            browser                      frames:4 bytes:972
      ssdp                               frames:12 bytes:2100
    tcp                                  frames:20 bytes:1921
      http                               frames:2 bytes:384
        data-text-lines                  frames:1 bytes:233
    igmp                                 frames:4 bytes:216
Hackeriit21 asked 2022-01-25 11:24:21 +0000
grahamb updated 2022-01-25 11:39:04 +0000


1 Answer

The output of any of the -z options is formatted plain text; redirecting the output to a file with the extension .json won't make it JSON.

You can either:

  1. Post-process the output using your language of choice.
  2. Create an enhancement request at the Wireshark GitLab Issues page.
  3. Make the required modifications to tshark yourself, or pay someone to do it. Not trivial.
grahamb answered 2022-01-25 15:08:06 +0000
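Option 1 from the answer above, worked through as an added example (not code from the answerer or from the Wireshark project): a small Python post-processor that turns the `-z io,phs` text shown in the question into a JSON tree. It assumes tshark's two-spaces-per-level indentation and the `frames:N bytes:M` columns exactly as they appear in the question; the sample input below is a constructed subset of that output.

```python
import json
import re

# Constructed subset of the `tshark -q -z io,phs` output quoted in the question.
PHS_OUTPUT = """\
Protocol Hierarchy Statistics

Filter:

eth                                      frames:138 bytes:14034
  arp                                    frames:2 bytes:84
  ip                                     frames:136 bytes:13950
    udp                                  frames:112 bytes:11813
      dns                                frames:10 bytes:1145
    tcp                                  frames:20 bytes:1921
      http                               frames:2 bytes:384
        data-text-lines                  frames:1 bytes:233
    igmp                                 frames:4 bytes:216
"""

# One protocol row: leading indent, protocol name, frame and byte counters.
ROW_RE = re.compile(r"^(?P<indent> *)(?P<proto>\S+)\s+frames:(?P<frames>\d+)\s+bytes:(?P<bytes>\d+)\s*$")


def parse_phs(text):
    """Parse the protocol-hierarchy text into {"filter": str, "protocols": [tree...]}.

    Each tree node is {"protocol", "frames", "bytes", "children"}; nesting is
    derived from the indentation width, so deeper rows become children of the
    nearest shallower row above them.
    """
    result = {"filter": "", "protocols": []}
    stack = []  # (indent_width, node) pairs for the current ancestry
    for line in text.splitlines():
        if line.startswith("Filter:"):
            result["filter"] = line[len("Filter:"):].strip()
            continue
        m = ROW_RE.match(line)
        if not m:
            continue  # title, blank line, or separator: not a protocol row
        indent = len(m.group("indent"))
        node = {"protocol": m.group("proto"), "frames": int(m.group("frames")),
                "bytes": int(m.group("bytes")), "children": []}
        while stack and stack[-1][0] >= indent:  # unwind to this row's parent
            stack.pop()
        (stack[-1][1]["children"] if stack else result["protocols"]).append(node)
        stack.append((indent, node))
    return result


def phs_to_json(text):
    """Serialise the parsed hierarchy as pretty-printed JSON text."""
    return json.dumps(parse_phs(text), indent=2)


if __name__ == "__main__":
    print(phs_to_json(PHS_OUTPUT))
```

Run it as `sudo tshark -n -q -r dump.pcap -z io,phs | python3 phs2json.py` after replacing the embedded sample with `sys.stdin.read()`; the endpoint and conversation tables have a different column layout and need their own row regex.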

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer