First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Tshark - why is the -S argument (for line-separator) in my tshark command not working for me?

I took a small capture usning Wireshark for an example, and stored it into a .pcapng file. Then I used the following tshark command to extract the ip.dst field from each packet, and output it into a .csv file. 

tshark    -r example.pcapng     -T fields     -e ip.dst     -S @    -E separator=/t    -E quote=n    -E header=y    > output.csv

From the help of tshark,

-S <separator> the line separator to print between packets

But still the output of it is the following, in which no @ character is printed. So my question is that what am I missing or doing wrong here, and how can I fix it?

Output of above command in csv file:

ip.dst
396.53.307.904
973.63.953.300
993.93.3.909
993.93.3.909


973.63.953.300
993.93.3.909
3.3.3.3
3.3.3.3
993.93.3.909
993.93.3.909
Jason's avatar
1
Jason
asked 2018-09-01 10:04:06 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Hi Jason, for now this option is only applicable to the text output, when printing packets details (-V option), or when printing the hex output.

Pascal Quantin's avatar
5.8k
Pascal Quantin
answered 2018-09-01 13:00:00 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer