https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5968
--- Comment #3 from Sake <sake@xxxxxxxxxx> 2011-05-28 08:11:52 PDT ---
(In reply to comment #2)
> (In reply to comment #1)
> > Are you sure the first five packets are TCP and not UDP?
>
> Sake, thanks that is indeed the case!
>
> Now these messages can be delivered over either TCP or UDP (SIP protocol), is
> there a possibility to get the port independent of TCP or UDP?
That is not possible. Of course if there is a big demand for it, it could be
added, but...
> Or should one
> specify in that case both? Like:
>
> tshark ....... -e ip.src -e tcp.srcport -e udp.srcport \
> -e ip.dst -e tcp.dstport -e udp.dstport
... the above works fine. If you do need to get the port in one column, you can
always pipe the output through a little awk script to combine the two into one.
Something like:
tshark ... -E separator=',' -T fields -e ip.src -e tcp.srcport -e udp.srcport \
    -e ip.dst -e tcp.dstport -e udp.dstport | awk -F, \
    '{printf("%s,%s,%s,%s\n",$1,$2==""?$3:$2,$4,$5==""?$6:$5)}'
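An added example, not part of the comment above and not Wireshark project code: the same column merge as a shell function over tab-separated `-T fields` output, which also covers packets that carry neither a TCP nor a UDP port and skips lines with an unexpected field count. The names `merge_ports` and `sample_fields`, the `-` placeholder and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# merge_ports: read `tshark -T fields` output with the six columns
#   ip.src tcp.srcport udp.srcport ip.dst tcp.dstport udp.dstport
# and print four columns: ip.src srcport ip.dst dstport.
# Tab (tshark's default separator) is used instead of ',' because tshark
# joins repeated occurrences of a field with ',' by default, which would
# shift the columns of a comma-separated line.
merge_ports() {
    awk -F'\t' -v OFS='\t' '
        # TCP value if present, else UDP value, else a placeholder.
        function pick(tcp, udp) {
            if (tcp != "") return tcp
            if (udp != "") return udp
            return "-"
        }
        # Skip lines that do not have exactly six fields and report them.
        NF != 6 {
            printf("line %d: expected 6 fields, got %d\n", NR, NF) > "/dev/stderr"
            next
        }
        { print $1, pick($2, $3), $4, pick($5, $6) }
    '
}

# Constructed sample input (not captured traffic), in the layout tshark emits:
# one SIP message over TCP, one over UDP, one ICMP packet without ports.
sample_fields() {
    printf '192.0.2.10\t5060\t\t192.0.2.20\t49152\t\n'
    printf '198.51.100.7\t\t5060\t192.0.2.20\t\t5060\n'
    printf '192.0.2.30\t\t\t192.0.2.10\t\t\n'
}

# Stand-alone run on the constructed sample; with a real capture this would be
#   tshark ... -T fields -e ip.src -e tcp.srcport -e udp.srcport \
#       -e ip.dst -e tcp.dstport -e udp.dstport | merge_ports
sample_fields | merge_ports
```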