Title: Multiple ports in tshark decode as
Hi ,
I am trying to decode two non standard http ports (eg. 4567 & 7865) as http traffic in a pcap file.
Currently we use the GUI to say "decode as" twice (one for each port) under the analyze menu. We want to do this on the command line.
I am currently using the tshark with -d option to decode the TCP traffic on port 4567 as http traffic and save the output to tsharktest.cap
/usr/sbin/tshark -r /tmp/test.pcap -d tcp.port==4567,http -w /tmp/tsharktest.cap
The problem is that we have the traffic on a another port 7865 and we want that to be decoded as http as well.
Currently we repeat the "decode as" process in the GUI for each port.
Thanks
Regards
Syed Sadiq Shareef
Service & Solutions Operations, Integration Delivery
Contractor for Ericsson
E
6300 Legacy Drive Office: +1 972 583-4166
Plano, Texas 75024 Mobile: +1 214 908-3394
U.S.A Fax: +1 972 583-0270
e-mail: sadiq.xx.shareef@xxxxxxxxxxxx
Approved Disclaimer
This communication is confidential and intended solely for the addressee(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you believe this message has been sent to you in error, please notify the sender by replying to this transmission and delete the message without disclosing it. Thank you.
E-mail including attachments is susceptible to data corruption, interruption, unauthorized amendment, tampering and viruses, and we only send and receive e-mails on the basis that we are not liable for any such corruption, interception, amendment, tampering or viruses or any consequences thereof.