Export to text with tshark
Hi guys, how can I export with tshark to text with all the Packet details expanded?
Prtscr of how I do it in Wireshark. http://ibb.co/k2Qp00q
2 Answers
- Sort by
oldest newest most voted
1
From the tshark Man Page (and as output by tshark -h):
-V Cause TShark to print a view of the packet details.
There's quite a bit more about controlling output in the Man page.
Comments
-V is not as detailed as export from wireshark. I read the MAN, but just cant find an answer.
Arrrrrgh, after upgrade the tshark output is identitcal.
Note that you will probably need to add two-pass processing, -2, to tshark to get absolutely identical output as Wireshark always does two-pass, but it's an extra option for tshark.
0
Use
tshark -P -V -x -r {filename}
Comments
Still not as detailed as export from wireshark. :(
Your Answer
Please start posting anonymously - your entry will be published after you log in or create a new account.
This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.
Comments
It looks like tshark can't read the disection:
Unknown - aborting dissection Extraneous Data
GSM A-I/F DTAP - Identity Response Protocol Discriminator: Mobility Management messages .... 0101 = Protocol discriminator: Mobility Management messages (0x05) 0000 .... = Skip Indicator: 0 10.. .... = Sequence number: 2 ..01 1001 = DTAP Mobility Management Message Type: Identity Response (0x19) Unknown - aborting dissection Extraneous Data
Arrrrrgh, after upgrade the tshark output is identitcal.