Wireshark · Wireshark-users: [Wireshark-users] How to read Read specific sub-fields in Tshark??

[Sumant Gupta <sumant.gupta@xxxxxxxxxxx>]

Hi

 

I am viewing the wireshark traces using tshark and then redirecting in text file

The syntax is :

 

Tshark.exe –r filename –V

Using this all data is displayed in text format and then I redirect the output to text file.

The Problem is how to read specific fields in these traces .

Eg:

In Frame field there are many sub-fields but I want to read the arrival time sub field and not other fields??

Frame 1 (259 bytes on wire, 259 bytes captured)

    Arrival Time: Jul  2, 2008 05:32:29.693651000

    [Time delta from previous captured frame: 0.000000000 seconds]

    [Time delta from previous displayed frame: 0.000000000 seconds]

    [Time since reference or first frame: 0.000000000 seconds]

    Frame Number: 1

    Frame Length: 259 bytes

    Capture Length: 259 bytes

    [Frame is marked: False]

    [Protocols in frame: eth:ip:udp:megaco]

Ethernet II,

 

Please help

 

 

Sumant Gupta

Software Engineer

Ext:5105

 

---

"DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error,please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility forloss or damage arising from the use of the information transmitted by this email including damage from virus."