I would like to customize the output of my tshark a bit...
1. Where do I find a reference of the most useful field keywords to use? (for the -e option) Like the timestamp, the one-line-summary-info, packet length, TTL-values, etc?
2. What is the "-Tfields -e" command to get the normal text output but without the preceding timestamp on every row? (with tcpdump, you simply add -t to remove the time)
I'm really missing the possibility to in a simple way add a little bit of verboseness (like tcpdump's -v option, with more details the more v's you add, and the -e option with additional link layer info). I don't want to switch to -V view just to compare the IP ID of packets, ttl values or see their length.
/Elof