Wireshark-users: [Wireshark-users] Betr: Re: wireshark extract specific field

Date: Wed, 20 Aug 2008 06:23:53 +0200
On Tue, 19 Aug 2008 22:59:33 +0100 paritosh kulkarni wrote

>Thanks Joan, this command works but it still gives the protocol in protocol
>number format.
>Is that the way it shows, or can we change it some other way?

I don't know ;-(

>On 8/19/08, j.snelders@xxxxxxxxxx <j.snelders@xxxxxxxxxx> wrote:
>>
>> On Tue, 19 Aug 2008 15:41:30 +0100 paritosh kulkarni wrote:
>> > One thing I want to ask is: I get the protocol and flags in numerical values.
>> > How to get them in the states we see in Wireshark,
>> > i.e. TCP instead of 0x06, and flags as SYN or FIN or SYN/ACK instead of 0x18?
>>
>> I don't think so, but correct me if I'm wrong.
>>
>> If you use this command, you can at least see which flags are set.
>> $ tshark -r test.cap -T fields -e frame.number -e frame.time -e ip.src \
>>     -e ip.dst -e ip.proto -e tcp.srcport -e tcp.dstport -e frame.len -e tcp.len \
>>     -e tcp.flags.cwr -e tcp.flags.ecn -e tcp.flags.urg -e tcp.flags.ack \
>>     -e tcp.flags.push -e tcp.flags.reset -e tcp.flags.syn -E header=y > test.csv
>>
>> Hope this helps somehow
>> Joan
>>
>> _______________________________________________
>> Wireshark-users mailing list
>> Wireshark-users@xxxxxxxxxxxxx
>> https://wireshark.org/mailman/listinfo/wireshark-users
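
One way to get names instead of numbers is to post-process the file the command above writes. The following is an added example, not part of the original messages. It assumes the default tab-separated `-T fields` output with `-E header=y`, that a set flag prints as `1` or `True`, and a small hand-picked subset of IANA protocol numbers; the function names and the sample rows are made up for illustration.

```python
import csv
import io
import sys

# Small subset of IANA protocol numbers (assumption: extend as needed).
IP_PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP"}

# tshark boolean flag columns and the short names Wireshark shows for them.
FLAG_COLUMNS = [
    ("tcp.flags.syn", "SYN"), ("tcp.flags.fin", "FIN"), ("tcp.flags.reset", "RST"),
    ("tcp.flags.push", "PSH"), ("tcp.flags.ack", "ACK"), ("tcp.flags.urg", "URG"),
    ("tcp.flags.ecn", "ECE"), ("tcp.flags.cwr", "CWR"),
]

def proto_name(value):
    """Map ip.proto ('0x06', '6', or '4,6' for tunnelled packets) to names."""
    names = []
    for part in (p.strip() for p in value.split(",")):
        if not part:
            continue
        try:
            number = int(part, 16) if part.lower().startswith("0x") else int(part)
        except ValueError:
            names.append(part)          # keep unparseable values visible
            continue
        names.append(IP_PROTO_NAMES.get(number, str(number)))
    return "/".join(names)

def flag_names(row):
    """Join the names of the flag columns that are set; absent columns are skipped."""
    return ",".join(name for col, name in FLAG_COLUMNS
                    if (row.get(col) or "").strip() in ("1", "True"))

def annotate(tsv_text):
    """Return one dict per packet with protocol and flags as names."""
    reader = csv.DictReader(io.StringIO(tsv_text), delimiter="\t")
    return [{"frame": row["frame.number"],
             "proto": proto_name(row.get("ip.proto") or ""),
             "flags": flag_names(row)} for row in reader]

# Constructed sample in the shape of the tshark output (not a real capture).
HEADER = ["frame.number", "ip.proto", "tcp.flags.cwr", "tcp.flags.ecn", "tcp.flags.urg",
          "tcp.flags.ack", "tcp.flags.push", "tcp.flags.reset", "tcp.flags.syn"]
ROWS = [["1", "0x06", "0", "0", "0", "0", "0", "0", "1"],
        ["2", "0x06", "0", "0", "0", "1", "0", "0", "1"],
        ["3", "6", "0", "0", "0", "1", "1", "0", "0"],
        ["4", "0x11", "", "", "", "", "", "", ""]]
SAMPLE = "\n".join("\t".join(r) for r in [HEADER] + ROWS)

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for pkt in annotate(text):
        print(pkt["frame"], pkt["proto"], pkt["flags"], sep="\t")
```

Run it as `python3 script.py test.csv`; adding `-e tcp.flags.fin` to the tshark command makes FIN show up as well.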