On Thu, Oct 25, 2007 at 12:47:09PM -0400, Jack Foster wrote:
>
> I'm trying to get tshark to display the default summary line plus the MAC
> src and dest. My plan was to figure out the default output and then
> replicate that with the MAC src/dst on the end.
>
> So right now, "tshark -i eth1" produces:
> 1193330549.066964 192.168.0.41 -> 192.168.0.161 TCP 48689 > ssh [ACK]
> Seq=288 Ack=332016 Win=2156 Len=0 TSV=24044291 TSER=690089954
>
> I would like to have that same line with "11:22:33:44:55:66 ->
> 66:55:44:33:22:11" on the end.
>
> I think it should be done like this:
> tshark -i eth1 -T fields -e timestamp -e ip.src -e ip.dst -e protocol -e
> info -e eth.src -e eth.dst
>
> Obviously this doesn't work. Any ideas?

Why don't you set the column-format with the -o column.format:<format>
argument? Here's what I think you wanted:

sablo@for-gods-sake ~
$ tshark -i 5 -o column.format:'"No.","%m","Time","%t","Source","%s","Destination","%d","Protocol","%p","Info","%i","src","%uhs","dst","%uhd"'
Capturing on eth0
0.000000 10.31.100.95 -> 10.31.100.201 SMB Logoff AndX Request 00:11:43:78:fd:26 -> 00:13:72:50:4a:56
0.000448 10.31.100.201 -> 10.31.100.95 SMB Logoff AndX Response 00:13:72:50:4a:56 -> 00:11:43:78:fd:26

Cheers,
Sake
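
Added example, not part of the original thread: a Python parser for the summary lines produced by the column.format setting above, which also records the MAC addresses each IP was seen with and reports any IP seen with more than one. The function names are hypothetical, the first two sample lines are the ones shown in the reply, and the third is constructed for illustration.

```python
import re
from collections import defaultdict

MAC = r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}"

# Time, "src -> dst", Protocol, Info, then the trailing "src MAC -> dst MAC"
# columns. Info is free text (it may itself contain ">"), so it is matched
# lazily and the MAC pair is anchored to the end of the line.
LINE_RE = re.compile(
    r"^\s*(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"(?P<proto>\S+)\s+(?P<info>.*?)\s*"
    r"(?P<src_mac>" + MAC + r")\s+->\s+(?P<dst_mac>" + MAC + r")\s*$"
)

def parse_line(line):
    """Return the columns of one summary line as a dict, or None if the
    line does not end in a MAC pair (banner lines, default-format output)."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def macs_per_ip(lines):
    """Map each IP address to the set of MAC addresses it appeared with."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        seen[rec["src"]].add(rec["src_mac"].lower())
        seen[rec["dst"]].add(rec["dst_mac"].lower())
    return dict(seen)

def ips_with_multiple_macs(lines):
    """IPs observed with more than one MAC on the captured segment."""
    return {ip: sorted(m) for ip, m in macs_per_ip(lines).items() if len(m) > 1}

SAMPLE = [
    "Capturing on eth0",
    "0.000000 10.31.100.95 -> 10.31.100.201 SMB Logoff AndX Request 00:11:43:78:fd:26 -> 00:13:72:50:4a:56",
    "0.000448 10.31.100.201 -> 10.31.100.95 SMB Logoff AndX Response 00:13:72:50:4a:56 -> 00:11:43:78:fd:26",
    # Constructed line: same IP as above, different source MAC.
    "1.250000 10.31.100.201 -> 10.31.100.95 TCP 445 > 1061 [ACK] Seq=1 Ack=1 Win=65535 Len=0 00:0c:29:aa:bb:cc -> 00:11:43:78:fd:26",
]

if __name__ == "__main__":
    for ip, macs in ips_with_multiple_macs(SAMPLE).items():
        print(ip, "seen with", ", ".join(macs))
```

For traffic that crosses a router, the MAC shown for a remote IP is the gateway's, so many IPs sharing one MAC is normal; one IP with several MACs is the case this reports.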