Hi Joan,
Thanks for the typo mistakes... but I still get this error message.
I tried it without the flag fields and it works, but when I put the tcp.flags command it gives me the error.
Pari
On 8/25/08, j.snelders@xxxxxxxxxx <j.snelders@xxxxxxxxxx> wrote:
Hi Pari,
You used this command:
tshark -o column.format: ""No.", "Time", "%t", "Source", "%s", "Destination",
"%d", "Protocol", "%p", ""srcport", "%uS", "dstport", "%uD", "Len", "%L",
"tcp.flags.ack", "%Cust:tcp.flags.ack", "tcp.flags.syn", "%Cust:tcp.flags.syn""
-r scam13.cap | head > scam.csv
"No.", -> "No.", "%m" (missing "%m")
""srcport", -> "srcport" (skip one ")
"%Cust:tcp.flags.ack", -> "%Cus:tcp.flags.ack", (Cus instead of Cust)
"%Cust:tcp.flags.syn", -> "%Cus:tcp.flags.syn", (Cus instead of Cust)
These typos were causing the error "Invalid -o flag "column.format"".
Like I mentioned before, the "tcp.flags" don't show the boolean value of
the tcp.flags (just "set" if the flags are present; it doesn't matter whether
the value is "0" or "1").
I've used this one:
tshark -o column.format:""No.", "%m", "Time", "%t", "Source", "%s", "Destination",
"%d", "Protocol", "%p", "srcport", "%uS", "dstport", "%uD", "len", "%L",
"tcp.flags.ack", "%Cus:tcp.flags.ack", "tcp.flags.syn", "%Cus:tcp.flags.syn""
-r <yourfile>.cap
It also works on Ubuntu ;-)
Grtz
Joan
On Thu, 21 Aug 2008 15:50:06 +0100 paritosh kulkarni wrote:
> Hi Joan,
> This is the command I tried even on ubuntu linux
>
> tshark -o column.format: ""No.", "Time", "%t", "Source", "%s", "Destination",
"%d", "Protocol", "%p", ""srcport", "%uS", "dstport", "%uD", "Len", "%L",
"tcp.flags.ack", "%Cust:tcp.flags.ack", "tcp.flags.syn", "%Cust:tcp.flags.syn""
-r scam13.cap | head > scam.csv
> tshark: Invalid -o flag "column.format:"
<snip>
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users
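
Added example, not part of the original thread or of Wireshark: a small Python check that walks a column.format value as title/format pairs and reports the kinds of mistakes listed in the reply above (a title with no format, a doubled quote, %Cust instead of %Cus). The function name is hypothetical, the list of format tokens is limited to the ones that appear in this thread, and the two sample values are the column.format strings from the thread without their outer quotes.

```python
import re

# Format tokens used in this thread; Wireshark defines more (not a full list).
KNOWN_FORMATS = {"%m", "%t", "%s", "%d", "%p", "%uS", "%uD", "%L"}
CUSTOM = re.compile(r"%Cus:[A-Za-z0-9_.]+")   # custom column: %Cus:<field>
ENTRY = re.compile(r'"[^"]*"')                # exactly one quoted string

def check_column_format(value):
    """Return a list of problems found in a column.format preference value."""
    problems, entries = [], []
    for raw in value.split(","):      # assumption: no commas inside titles
        raw = raw.strip()
        if not ENTRY.fullmatch(raw):
            problems.append(f"bad quoting: {raw}")
        entries.append(raw.strip('"'))
    i = 0
    while i < len(entries):
        title = entries[i]
        fmt = entries[i + 1] if i + 1 < len(entries) else None
        if fmt is None or not fmt.startswith("%"):
            problems.append(f'title "{title}" has no format after it')
            i += 1                    # resync: treat the next entry as a title
            continue
        if fmt not in KNOWN_FORMATS and not CUSTOM.fullmatch(fmt):
            problems.append(f"unknown format: {fmt}")
        i += 2
    return problems

# Value from the failing command in the thread (outer quotes removed).
PARI = ('"No.", "Time", "%t", "Source", "%s", "Destination", "%d", '
        '"Protocol", "%p", ""srcport", "%uS", "dstport", "%uD", "Len", "%L", '
        '"tcp.flags.ack", "%Cust:tcp.flags.ack", '
        '"tcp.flags.syn", "%Cust:tcp.flags.syn"')

# Value from the corrected command in the thread (outer quotes removed).
JOAN = ('"No.", "%m", "Time", "%t", "Source", "%s", "Destination", "%d", '
        '"Protocol", "%p", "srcport", "%uS", "dstport", "%uD", "len", "%L", '
        '"tcp.flags.ack", "%Cus:tcp.flags.ack", '
        '"tcp.flags.syn", "%Cus:tcp.flags.syn"')

if __name__ == "__main__":
    for name, value in (("failing", PARI), ("corrected", JOAN)):
        print(name, check_column_format(value) or "ok")
```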