Hi Pari,
You used this command:
tshark -o column.format: ""No.", "Time", "%t", "Source", "%s", "Destination",
"%d", "Protocol", "%p", ""srcport", "%uS", "dstport", "%uD", "Len", "%L",
"tcp.flags.ack", "%Cust:tcp.flags.ack", "tcp.flags.syn", "%Cust:tcp.flags.syn""
-r scam13.cap | head > scam.csv
"No.", -> "No.", "%m" (missing "%m")
""srcport", -> "srcport" (skip one ")
"%Cust:tcp.flags.ack", -> "%Cus:tcp.flags.ack", (Cus in stead of Cust)
"%Cust:tcp.flags.syn", -> "%Cus:tcp.flags.syn", (Cus in stead of Cust)
These typo's were causing the error "Invalid -o flag "column.format"".
Like I mentioned before, the "tcp.flags" don't show the boolean value of
the tcp.flags (just "set" if the flags are present; it doesn't mather whether
the value is "0" or "1").
I've used this one:
tshark -o column.format:""No.", "%m", "Time", "%t", "Source", "%s", "Destination",
"%d", "Protocol", "%p", "srcport", "%uS", "dstport", "%uD", "len", "%L",
"tcp.flags.ack", "%Cus:tcp.flags.ack", "tcp.flags.syn", "%Cus:tcp.flags.syn""
-r <yourfile>.cap
It also works on Ubuntu ;-)
Grtz
Joan
On Thu, 21 Aug 2008 15:50:06 +0100 paritosh kulkarni wrote:
> Hi Joan,
> This is the command i tried even on ubuntu linux
>
> tshark -o column.format: ""No.", "Time", "%t", "Source", "%s", "Destination",
"%d", "Protocol", "%p", ""srcport", "%uS", "dstport", "%uD", "Len", "%L",
"tcp.flags.ack", "%Cust:tcp.flags.ack", "tcp.flags.syn", "%Cust:tcp.flags.syn""
-r scam13.cap | head > scam.csv
> tshark: Invalid -o flag "column.format:"
<snip>
