Wireshark · Wireshark-users: [Wireshark-users] Tshark to Display MAC Field

Wireshark-users: [Wireshark-users] Tshark to Display MAC Field

From: "Jack Foster" <jack.foster11@xxxxxxxxx>

Date: Thu, 25 Oct 2007 12:47:09 -0400

Hi gang,

I'm trying to get tshark to display the default summary line plus the MAC src and dest. My plan was to figure out the default output and then replicate that with the MAC src/dst on the end.

So right now, "tshark -i eth1" produces:
1193330549.066964 192.168.0.41 -> 192.168.0.161 TCP 48689 > ssh [ACK] Seq=288 Ack=332016 Win=2156 Len=0 TSV=24044291 TSER=690089954

I would like to have that same line with "11:22:33:44:55:66 -> 66:55:44:33:22:11" on the end.

I think it should be done like this:
tshark -i eth1 -T fields -e timestamp -e ip.src -e ip.dst -e protocol -e info -e eth.src -e eth.dst

Obviously this doesn't work. Any ideas?
Jack

Follow-Ups:
- Re: [Wireshark-users] Tshark to Display MAC Field
  - From: Sake Blok

Prev by Date: Re: [Wireshark-users] Configure problem with pcap_open_live
Next by Date: Re: [Wireshark-users] Ipw3945 monitor mode
Previous by thread: Re: [Wireshark-users] R: R: R: Ipw3945 monitor mode
Next by thread: Re: [Wireshark-users] Tshark to Display MAC Field
Index(es):
- Date
- Thread