Hi gang,
I'm trying to get tshark to display the default summary line plus the MAC src and dest. My plan was to figure out the default output and then replicate that with the MAC src/dst on the end.
So right now, "tshark -i eth1" produces:
1193330549.066964
192.168.0.41 ->
192.168.0.161 TCP 48689 > ssh [ACK] Seq=288 Ack=332016 Win=2156 Len=0 TSV=24044291 TSER=690089954
I would like to have that same line with "11:22:33:44:55:66 -> 66:55:44:33:22:11" on the end.
I think it should be done like this:
tshark -i eth1 -T fields -e timestamp -e ip.src -e ip.dst -e protocol -e info -e eth.src -e eth.dst
Obviously this doesn't work. Any ideas?
Jack