I guess that it is just not meant to be written for the file. As I have mentioned, I am totally a newbie.
I will try working my way with a Lua tap that will hopefully be able to get the whole protocol tree for each packet and perform my algorithm.
Hopefully this is the way it is meant to be done.
Tal

From: Beno, Tal
Sent: Monday, March 02, 2009 2:06 PM
To: 'wireshark-users@xxxxxxxxxxxxx'
Subject: RE: Can I see all protocol dissection through tshark?
Actually, after doing it exactly as you did, I have understood that the problem is in the -w directive.
When using the standard output the tree is shown as you have mentioned.
If I use -w filename there is no protocol tree in the saved file.
Strange, but as usual it must be something that I am doing wrong. Any idea what that might be, please?
Tal

From: Beno, Tal
Sent: Monday, March 02, 2009 1:44 PM
To: 'wireshark-users@xxxxxxxxxxxxx'
Subject: RE: RE: Can I see all protocol dissection through tshark?
Thanks Mr. Blok,
I was actually trying to do it this way, and just in case added now the -R option as you had it:
tshark -i 4 -w c:\_LAB\out.cap -R http.request -V
But I get in the output file only raw compressed HTTP data, and not the full tree. Do I need to configure something else in the environment to make it work?
Thanks,
Tal

From: "Sake Blok" <sake@xxxxxxxxxx>
Date: Mon, 2 Mar 2009 12:20:00 +0100
Yes, you can use the "-V" command line option to see the complete dissection tree:
$ tshark -r client.cap -R http.request -c1 -V
…

From: Beno, Tal
Sent: Monday, March 02, 2009 12:14 PM
To: 'wireshark-users@xxxxxxxxxxxxx'
Subject: Can I see all protocol dissection through tshark?
Hi,
I am fairly new and am still learning the basics.
I am trying to use tshark for background-only capturing and analysis (no display needed\wanted).
I am seeing in the captured stream only the pcap protocols such as TCP.
My need is to dissect the packets also for all the additional protocols as supported in the Wireshark UI (HTTP, FTP, TELNET …).
Is it possible through tshark (or any other non-UI way)?
Thanks,
Tal