Hi Mark,
You can use custom columns.
Here are some examples:
$ tshark -o column.format:""Time", "%t", "Source", "%s", "Destination","%d",
"Protocol", "%p", "Info","%i""
0.000000 192.168.1.44 -> 74.125.77.147 TCP 1414 > 80 [SYN] Seq=0 Win=65535
Len=0 MSS=1460
0.015414 74.125.77.147 -> 192.168.1.44 TCP 80 > 1414 [SYN, ACK] Seq=0
Ack=1 Win=5720 Len=0 MSS=1460
0.015464 192.168.1.44 -> 74.125.77.147 TCP 1414 > 80 [ACK] Seq=1 Ack=1
Win=65535 [TCP CHECKSUM INCORRECT] Len=0
0.015648 192.168.1.44 -> 74.125.77.147 HTTP GET / HTTP/1.1
$ tshark -o column.format:""Source", "%s","Destination", "%d", "Protocol",
"%p""
192.168.1.44 -> 212.54.40.25 DNS
212.54.40.25 -> 192.168.1.44 DNS
192.168.1.44 -> 74.125.77.105 TCP
192.168.1.44 -> 74.125.77.105 TCP
74.125.77.105 -> 192.168.1.44 TCP
192.168.1.44 -> 74.125.77.105 TCP
74.125.77.105 -> 192.168.1.44 TCP
192.168.1.44 -> 74.125.77.105 TCP
192.168.1.44 -> 74.125.77.100 TCP
$ tshark -o column.format:""No.", "%m", "Time", "%t", "Source", "%s", "Destination",
"%d", "Protocol", "%p", "srcport", "%uS", "dstport", "%uD", "len", "%L",
"tcp.flags.ack", "%Cus:tcp.flags.ack", "tcp.flags.syn", "%Cus:tcp.flags.syn""
0.000000 192.168.1.44 -> 212.54.40.25 DNS 63480 53 76
0.008135 212.54.40.25 -> 192.168.1.44 DNS 53 63480 412
0.226913 192.168.1.44 -> 74.125.77.106 TCP 1430 80 62 Not set Set
0.242972 74.125.77.106 -> 192.168.1.44 TCP 80 1430 62 Set Set
0.243021 192.168.1.44 -> 74.125.77.106 TCP 1430 80 54 Set Not set
0.243214 192.168.1.44 -> 74.125.77.106 HTTP 1430 80 364 Set Not set
0.243377 192.168.1.44 -> 74.125.77.113 TCP 1366 80 54 Set Not set
0.259001 74.125.77.106 -> 192.168.1.44 TCP 80 1430 60 Set Not set
Hope this helps
Joan
On Mon, 3 Aug 2009 13:14:08 +0300 Mark Ryden wrote:
>Hello,
>Is there a way to run thsark without displaying the time column ?
>Mark
