Wireshark-users: Re: [Wireshark-users] Betr: Re: wireshark extract specific field
Hi,
I tried the command you gave, Joan, but it gives me an error stating
'head' is not an internal or external command, operable program or batch file.
What may be the error?
cheers
pari
On 8/20/08, j.snelders@xxxxxxxxxx <j.snelders@xxxxxxxxxx> wrote:
On Tue, 19 Aug 2008 22:59:33 +0100 paritosh kulkarni wrote:
> Thanks Joan, this command works, but still it gives the protocol in protocol number format.
> Is it the way it shows, or can we change it some other way?
Well, I've tried something else: custom columns:
$ tshark -o column.format:""No.", "%m", "Time", "%t", "Source", "%s", "Destination", "%d", "Protocol", "%p", "srcport", "%uS", "dstport", "%uD", "len", "%L", "tcp.flags.ack", "%Cus:tcp.flags.ack", "tcp.flags.syn", "%Cus:tcp.flags.syn"" -r test.cap | head
1 0.000000 00:0d:8d:66:86:ce -> ff:ff:ff:ff:ff:ff ARP 42
2 0.000265 00:02:44:49:42:7b -> 00:0d:8d:66:86:ce ARP 60
3 0.000278 192.168.1.4 -> 210.61.144.37 DNS 64120 53 76
4 0.008086 210.61.144.37 -> 192.168.1.4 DNS 53 64120 380
5 0.010454 192.168.1.4 -> 64.149.93.104 TCP 1090 80 62 Set Set
6 0.025914 64.149.93.104 -> 192.168.1.4 TCP 80 1090 62 Set Set
7 0.025976 192.168.1.4 -> 64.149.93.104 TCP 1090 80 54 Set Set
8 0.032307 192.168.1.4 -> 64.149.93.104 HTTP 1090 80 481 Set Set
9 0.044930 64.149.93.104 -> 192.168.1.4 TCP 80 1090 60 Set Set
10 0.053650 64.149.93.104 -> 192.168.1.4 TCP 80 1090 1472 Set Set
* And yes, you've got your protocol
** But it doesn't show the boolean value of the tcp.flags (just set or nothing)
BTW Wireshark gives the same result.
Grtz
Joan
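
An added example, not part of the original messages: the same columns pulled with tshark's -T fields output and parsed in Python, using -c to limit the packet count so no `head` is needed on Windows. The function names, the choice of frame.protocols for the protocol name and the sample rows are assumptions made for illustration.

```python
import subprocess

# Standard Wireshark field names, in the order tshark will print them.
FIELDS = ["frame.number", "frame.time_relative", "ip.src", "ip.dst",
          "frame.protocols", "tcp.srcport", "tcp.dstport", "frame.len",
          "tcp.flags.syn", "tcp.flags.ack"]

def tshark_command(capture, limit=10):
    """Build the tshark call; -c stops after `limit` packets read from the file."""
    cmd = ["tshark", "-r", capture, "-c", str(limit),
           "-T", "fields", "-E", "separator=/t"]
    for name in FIELDS:
        cmd += ["-e", name]
    return cmd

def parse_flag(text):
    """Return True/False for a boolean field, None when the packet lacks it."""
    if text == "":
        return None
    # Assumption: the tshark version in use prints either 1/0 or True/False.
    return text.strip().lower() in ("1", "true")

def parse_fields(output):
    """Turn tab-separated -T fields output into one dict per packet."""
    rows = []
    for line in output.splitlines():
        if not line.strip():
            continue
        cells = line.split("\t")
        cells += [""] * (len(FIELDS) - len(cells))  # pad lost trailing empties
        row = dict(zip(FIELDS, cells))
        row["protocol"] = row["frame.protocols"].split(":")[-1]  # top layer
        for flag in ("tcp.flags.syn", "tcp.flags.ack"):
            row[flag] = parse_flag(row[flag])
        rows.append(row)
    return rows

def extract(capture, limit=10):
    """Run tshark (must be on PATH) and return the parsed rows."""
    done = subprocess.run(tshark_command(capture, limit),
                          capture_output=True, text=True, check=True)
    return parse_fields(done.stdout)

# Constructed sample output (an ARP row and a TCP row), not a real capture.
SAMPLE = "\n".join([
    "\t".join(["1", "0.000000", "", "", "eth:ethertype:arp", "", "", "42", "", ""]),
    "\t".join(["5", "0.010454", "192.168.1.4", "64.149.93.104",
               "eth:ethertype:ip:tcp", "1090", "80", "62", "1", "0"]),
])
```

Empty cells stay in place between the tabs, so an ARP row keeps its length in the right column and its TCP flags come back as None rather than shifting left.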