First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

In Tshark, which character to use as field-separator to separate SMS text from a bunch of data, as any character can be used within the SMS text?

I have a pcap file which has a bunch of data, and one of those data fields is SMS-text. It is dummy data ofcourse.

I am using Tshark and giving it a -E separator=CHARACTER, on the basis of which it separates fields into a CSV file. It uses a comma character as the default field separator.

Now the problem is that whenever a comma character occurs in SMS text, it separates the rest of the SMS text and makes it a separate field. If I add -E quote=d to the command, it separates at the occurence of " within SMS text and considers the rest of the SMS text as a separate field. This is a problem.

So my question is that how do I find a single character which I can use as a field separater in this case?

At the moment, my tshark command looks like this:

tshark -r inputFile.pcap  -T fields  -e field1  -e field2  -e smsTextField  -E quote=d  -E separator=,  >output.csv
Jason's avatar
1
Jason
asked 2018-08-31 14:46:27 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

According to the tshark man page, the tab character should be the default separator; have you tried it either implicitly or explicitly, i.e. -E separator=/t? Ultimately, it may just take some trial-and-error to find a character that's not present in the text. To quote the man page: "Otherwise any character that can be accepted by the command line as part of the option may be used."

cmaynard's avatar
11.1k
cmaynard
answered 2018-08-31 15:58:29 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer