https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5673
Summary: Add Info Column output option when using -T fields to
export packet data
Product: Wireshark
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Low
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: jcox@xxxxxxxxxxxxxxxxx
Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Currently I run a regular process that looks like this:
tshark -nr $1 -T fields -E separator=/t -e frame.time -e frame.protocols -e
ip.src -e tcp.srcport -e udp.srcport -e ip.dst -e tcp.dstport -e udp.dstport -e
eth.src -e ip.flags -e tcp.flags -e frame.len -e arp.duplicate-address-detected
-e tcp.stream -e ip.proto > output.txt
I read a Pcap file in, and dump relevant information out into a tab delimited
text file, which is then imported into a MySQL database. I would really like
to export the Info Column data. After reading and searching the email lists,
Iv noticed there is no way to do this when using the -T fields option. I have
also noticed that several others would like to do this as well.
Could we possibly add a -e frame.info (or) -e expert.info (or) -e
wireshark.info that exports the COL_INFO var in the -T fields mode.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.