Wireshark-users: Re: [Wireshark-users] Printing the protocol identification from command line
From: Galloth <lordgalloth@xxxxxxxxx>
Date: Tue, 25 May 2010 13:27:46 +0200
Thanks,
that is exactly what I need.
Jan

2010/5/25 Abhik Sarkar <sarkar.abhik@xxxxxxxxx>:
> frame.protocols?
>
> On Tue, May 25, 2010 at 2:22 PM, Galloth <lordgalloth@xxxxxxxxx> wrote:
>>
>> Greetings to all,
>> I am writing a script for some packet processing and I would like to
>> use wireshark/tshark to identify the protocol. I need write source ip,
>> source port, destination ip, destination port, and the protocol
>> identification for every packet from the given pcap file. I though
>> about using tshar with -e parameter:
>>
>> tshark -T fields -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e
>> protocol
>>
>> Unfortunatelly I was not able to wind the name of the field, that
>> contains the result of the protocol identification. I would be
>> gratefull If somebody could tell me the correct name of the field with
>> the information about recognised protocol.
>>
>> Thank you very much
>> --
>> Jan Kastil
>> galloth@xxxxxxxxx
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>
>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>



-- 
Jan Kastil
galloth@xxxxxxxxx