Wireshark · Wireshark-users: [Wireshark-users] tshark display filter / info

Wireshark-users: [Wireshark-users] tshark display filter / info

From: Stuart Kendrick <skendric@xxxxxxxxx>

Date: Sun, 30 Oct 2011 10:38:41 -0700

How do I persuade tshark to display what Wireshark calls the 'Info' or 'Information' column?

This shows up by default (in this case, as the text beginning with 'SSH...' or 'TCP...')

guru> tshark -r server.pcap | more
  1   0.000000 10.12.5.123 -> 10.12.18.116 SSH Encrypted response packet len=68
  2   0.010257 10.12.18.116 -> 10.12.5.123 TCP 49280 > ssh [ACK] Seq=1 Ack=69 Win=255 Len=0
  3   0.260510 10.12.5.123 -> 10.12.18.116 SSH Encrypted response packet len=52

But when I specify fields:
tshark -r server.pcap -T fields -e frame.number -e ip.src -e ip.dst -e info

What string identifies the 'Info' column?  Clearly not 'info' or 'information' ...

--sk

Stuart Kendrick
FHCRC

Follow-Ups:
- Re: [Wireshark-users] tshark display filter / info
  - From: j.snelders
- Re: [Wireshark-users] tshark display filter / info
  - From: Stephen Fisher

Prev by Date: Re: [Wireshark-users] tshark display filter / time
Next by Date: Re: [Wireshark-users] tshark display filter / info
Previous by thread: Re: [Wireshark-users] Time Zone effect in Timestamps of Pcap
Next by thread: Re: [Wireshark-users] tshark display filter / info
Index(es):
- Date
- Thread