Wireshark-users: Re: [Wireshark-users] wireshark extract specific field

Date: Tue, 19 Aug 2008 08:23:45 +0200
In Tshark, for instance, you can use:
$ tshark -r test.cap -T fields -e frame.number -e frame.time -e ip.src 
-e ip.dst -e tcp.srcport -e tcp.dstport -e frame.len -e tcp.len -e tcp.flags

-E header=y > test.csv

Add/remove the fields you need.

HTH
Joan

On Tue, 19 Aug 2008 00:54:47 +0100 paritosh kulkarni wrote:
>I am new to use wireshark . I am doing a project in which i have to analyse
>hacking attacks for which i am using snort log(.log)
>files. I can view these files in wireshark but only some feilds.
>
>
>I have a problem using wireshark.
>I want to get some specific feilds in csv format but i cant get them as
wire
>shark shows only the src ip, dst ip, time, protocol and info.
>
>I want to get src port, dst port, tcpflags and packet lenght also. Can you
>please tell me how to do that in wireshark or tshark.
>If you can give me a command to do that it will be really gratefull.