Wireshark-users: Re: [Wireshark-users] writing some text to Tshark output file
Date: Sun, 16 Nov 2008 10:53:01 +0100
Hi Maryam,

You can use custom colomns:
i.e.
$ tshark -o column.format:""No.", "%m", "Time", "%t", "Source", "%s", "Destination",
"%d", "Protocol", "%p", "Info", "%i"" -r test1.cap > test1.txt

Output:
  1   0.000000  192.168.1.4 -> 213.51.144.37 DNS Standard query A www.google.co.uk
  2   0.007430 213.51.144.37 -> 192.168.1.4  DNS Standard query response
CNAME www.google.com CNAME www.l.google.com A 74.125.39.104 A 74.125.39.147
A 74.125.39.103 A 74.125.39.99
  3   0.010423  192.168.1.4 -> 74.125.39.104 TCP 1847 > 80 [SYN] Seq=0 Win=65535
Len=0 MSS=1460
  4   0.026881 74.125.39.104 -> 192.168.1.4  TCP 80 > 1847 [SYN, ACK] Seq=0
Ack=1 Win=5720 Len=0 MSS=1460
  5   0.026941  192.168.1.4 -> 74.125.39.104 TCP 1847 > 80 [ACK] Seq=1 Ack=1
Win=65535 [TCP CHECKSUM INCORRECT] Len=0
  6   0.027219  192.168.1.4 -> 74.125.39.104 HTTP GET / HTTP/1.1 

For other output formats of time stamps etc.:
http://anonsvn.wireshark.org/wireshark/trunk/epan/column.c

HTH
Joan

On Sun, 16 Nov 2008 01:11:50 -0800 (PST) Maryam Homayouni wrote:
>I tried -E option but it is not as flexible as I expect, it only writes
exactly
>the header name which is specified in -e option in top line of the file
above
>each column, for example the following command:
>tshark -T fields -e frame.number -E header=y -E quote=d > out
>results the following output:
>frame.number
>"1"
>"2"
>"3"
>...
>but what? I am looking for is to write what ever I prefer beside the values
>in each line, for example
>
>Frame Number : 1??? Time : 0.0000
>Frame Number : 2 ?? Time : 0.0012
>?..
>can any body suggest me a way to get it?
>
>
>
>--- On Tue, 11/11/08, Abhik Sarkar <sarkar.abhik@xxxxxxxxx> wrote:
>From: Abhik Sarkar <sarkar.abhik@xxxxxxxxx>
>Subject: Re: [Wireshark-users] writing some text to Tshark output file
>To: marnameh@xxxxxxxxx
>Received: Tuesday, November 11, 2008, 4:46 AM
>
>Not that I am aware of, but perhaps someone else can suggest
>something. You might also want to look at the -E option in combination
>with your existing command.
>
>On Tue, Nov 11, 2008 at 7:55 AM, Maryam Homayouni <marnameh@xxxxxxxxx>
>wrote:
>> Hi,
>> I used this option to write the value of some parameters, for example
the
>> following command :
>> tshark -T fields -e frame.num > outfile
>>
>> results the following output
>> 1
>> 2
>> 3
>> 4
>> ..
>> but i want to have the following output:
>> FrameNumber : 1
>> FrameNumber : 2
>> ..
>> I mean I want to make tshark to write what I wrote in command line + the
>> value of packet's parameters.
>> Is there any way to do that?
>>
>> Regards,
>> M.Homayouni
>>
>>
>> --- On Mon, 11/10/08, Abhik Sarkar <sarkar.abhik@xxxxxxxxx> wrote:
>>
>> From: Abhik Sarkar <sarkar.abhik@xxxxxxxxx>
>> Subject: Re: [Wireshark-users] writing some text to Tshark output file
>> To: marnameh@xxxxxxxxx, "Community support list for Wireshark"
>> <wireshark-users@xxxxxxxxxxxxx>
>> Received: Monday, November 10, 2008, 5:35 AM
>>
>> Maryam,
>> Please check the manpage of tshark (one copy here
>> http://linux.die.net/man/1/tshark).
>> I think the -T fields options is what you are looking for.
>> Regards,
>> Abhik
>> On Mon, Nov 10, 2008 at 2:19 PM, Maryam Homayouni
><marnameh@xxxxxxxxx>
>> wrote:
>>> Hi All,
>>>
>>> I am new to tshark, trying to redirect some parameters of udp packets
>to
>> an
>>> output file, but in addition to the parameters I want to write the
>name of
>>> parameters beside them (from command line) for examlple when I get
>frame
>>> number parameter , I want to have the "Frame Number" phrase
>> before its value
>>> in the output file.
>>> i.e. output file:
>>>  Frame Mumber: <frame.num value>
>>>
>>> could any body help me finding a way for that?
>>>
>>> Regards,
>>>  M.Homayouni
>>> ________________________________
>>> Now with a new friend-happy design! Try the new Yahoo! Canada
>Messenger
>>> _______________________________________________
>>> Wireshark-users mailing list
>>> Wireshark-users@xxxxxxxxxxxxx
>>> https://wireshark.org/mailman/listinfo/wireshark-users
>>>
>>>
>>
>> ________________________________
>> Looking for the perfect gift? Give the gift of Flickr!
>
>
>
>      __________________________________________________________________
>Ask a question on any topic and get answers from real people. Go to Yahoo!
>Answers and share what you know at http://ca.answers.yahoo.com
>_______________________________________________
>Wireshark-users mailing list
>Wireshark-users@xxxxxxxxxxxxx
>https://wireshark.org/mailman/listinfo/wireshark-users