Wireshark-users: Re: [Wireshark-users] wireshark extract specific field
From: "paritosh kulkarni" <paritosh26@xxxxxxxxx>
Date: Tue, 19 Aug 2008 15:41:30 +0100
Hey,
 
Thanks a lot for your help, guys.
Joan, your command works fine; I got the fields I wanted. Thank you very much.
 
One thing I want to ask: I get the protocol and flags as numerical values. How do I get them in the form we see in Wireshark,
i.e. TCP instead of 0x06, and flags as SYN or FIN or SYN/ACK instead of 0x18?
 
 
cheers
pari
On Tue, Aug 19, 2008 at 7:23 AM, <j.snelders@xxxxxxxxxx> wrote:
In tshark, for instance, you can use:

$ tshark -r test.cap -T fields -e frame.number -e frame.time -e ip.src \
    -e ip.dst -e tcp.srcport -e tcp.dstport -e frame.len -e tcp.len \
    -e tcp.flags -E header=y > test.csv

Add/remove the fields you need.

HTH
Joan

On Tue, 19 Aug 2008 00:54:47 +0100 paritosh kulkarni wrote:
>I am new to using Wireshark. I am doing a project in which I have to analyse
>hacking attacks, for which I am using Snort log (.log)
>files. I can view these files in Wireshark, but only some fields.
>
>I have a problem using Wireshark.
>I want to get some specific fields in CSV format, but I can't get them, as
>Wireshark shows only the src IP, dst IP, time, protocol and info.
>
>I want to get src port, dst port, TCP flags and packet length also. Can you
>please tell me how to do that in Wireshark or tshark?
>If you can give me a command to do that, I will be really grateful.

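Pari's follow-up question (names instead of 0x06 and 0x18) is not answered on this page. With `-T fields`, tshark prints `tcp.flags` as a hex number and `ip.proto` as a decimal protocol number (add `-e ip.proto` to Joan's command to get it); per-bit boolean fields such as `tcp.flags.syn` also exist, and newer releases expose a `tcp.flags.str` field. The script below is an added example, not code from this thread or from Wireshark: it post-processes the header+rows output of Joan's command (the default `-E` separator is a tab, which is convenient because `frame.time` contains commas) and decodes both columns into the names Wireshark shows. The tshark output it parses is constructed by hand.

```python
"""Post-process `tshark -T fields -E header=y` output: turn numeric ip.proto
and hex tcp.flags values into the names Wireshark shows (TCP, SYN/ACK, ...).

Added example for this thread, not code from the mailing list or from
Wireshark itself. SAMPLE_TSHARK_OUTPUT below is constructed by hand.
"""
import csv
import io

# IANA protocol numbers as printed by the ip.proto field (subset).
IP_PROTOCOLS = {
    1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 41: "IPv6", 47: "GRE",
    50: "ESP", 51: "AH", 58: "ICMPv6", 89: "OSPF", 132: "SCTP",
}

# TCP flag bits, lowest bit first, the order Wireshark lists them in "[SYN, ACK]".
# tshark prints tcp.flags as hex, e.g. 0x02, 0x12, 0x18; newer releases print
# a wider value (0x0012) that includes the NS bit. int(x, 16) handles both.
TCP_FLAG_BITS = [
    (0x001, "FIN"), (0x002, "SYN"), (0x004, "RST"), (0x008, "PSH"),
    (0x010, "ACK"), (0x020, "URG"), (0x040, "ECE"), (0x080, "CWR"),
    (0x100, "NS"),
]
KNOWN_FLAG_MASK = sum(bit for bit, _ in TCP_FLAG_BITS)


def ip_proto_to_str(value):
    """Map an ip.proto value ('6' or 6) to its name; unknown numbers stay numeric."""
    if value in ("", None):
        return ""
    number = int(value)
    return IP_PROTOCOLS.get(number, str(number))


def tcp_flags_to_str(value):
    """Map a tcp.flags value ('0x18' or 0x18) to 'PSH/ACK'-style names."""
    if value in ("", None):
        return ""          # non-TCP row: tshark leaves the column empty
    flags = int(value, 16) if isinstance(value, str) else int(value)
    names = [name for bit, name in TCP_FLAG_BITS if flags & bit]
    unknown = flags & ~KNOWN_FLAG_MASK
    if unknown:
        names.append("0x%x" % unknown)  # keep unexpected bits visible, never drop them
    return "/".join(names) if names else "none"


def decode_tshark_fields(text, separator="\t"):
    """Parse header+rows from `tshark -T fields -E header=y` (default tab separator)
    and add decoded 'protocol' and 'flags' keys to every row."""
    reader = csv.DictReader(io.StringIO(text), delimiter=separator)
    rows = []
    for row in reader:
        row["protocol"] = ip_proto_to_str(row.get("ip.proto", ""))
        row["flags"] = tcp_flags_to_str(row.get("tcp.flags", ""))
        rows.append(row)
    return rows


# Constructed sample: what Joan's command plus `-e ip.proto` would print for a
# TCP handshake, one data segment and one DNS query (tab-separated columns).
SAMPLE_TSHARK_OUTPUT = "\n".join([
    "\t".join(["frame.number", "frame.time", "ip.src", "ip.dst", "ip.proto",
               "tcp.srcport", "tcp.dstport", "frame.len", "tcp.len", "tcp.flags"]),
    "1\tAug 19, 2008 00:54:47.000000000\t10.0.0.5\t10.0.0.9\t6\t51234\t80\t74\t0\t0x02",
    "2\tAug 19, 2008 00:54:47.000100000\t10.0.0.9\t10.0.0.5\t6\t80\t51234\t74\t0\t0x12",
    "3\tAug 19, 2008 00:54:47.000200000\t10.0.0.5\t10.0.0.9\t6\t51234\t80\t66\t0\t0x10",
    "4\tAug 19, 2008 00:54:47.000300000\t10.0.0.5\t10.0.0.9\t6\t51234\t80\t166\t100\t0x18",
    "5\tAug 19, 2008 00:54:47.000400000\t10.0.0.5\t10.0.0.1\t17\t5353\t53\t75\t\t",
]) + "\n"


if __name__ == "__main__":
    # Usage with a real capture: tshark ... -e ip.proto ... -E header=y > test.csv
    # then decode_tshark_fields(open("test.csv").read()).
    for row in decode_tshark_fields(SAMPLE_TSHARK_OUTPUT):
        print(row["frame.number"], row["ip.src"], row["ip.dst"],
              row["protocol"], row["tcp.srcport"], row["tcp.dstport"],
              row["frame.len"], row["flags"], sep="\t")
```

If you switch to `-E separator=,` for a spreadsheet, also pass `-E quote=d` so the commas inside `frame.time` are quoted, and call `decode_tshark_fields(text, separator=",")`.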
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users