Wireshark · Wireshark-users: Re: [Wireshark-users] writing some text to Tshark output file

Wireshark-users: Re: [Wireshark-users] writing some text to Tshark output file

From: Sake Blok <sake@xxxxxxxxxx>

Date: Sun, 16 Nov 2008 11:13:13 +0100

On Sun, Nov 16, 2008 at 01:11:50AM -0800, Maryam Homayouni wrote:
>    I tried -E option but it is not as flexible as I expect, it only writes
>    exactly the header name which is specified in -e option in top line of the
>    file above each column, for example the following command:
>    tshark -T fields -e frame.number -E header=y -E quote=d > out
>    results the following output:
>    frame.number
>    "1"
>    "2"
>    "3"
>    ...
>    but what  I am looking for is to write what ever I prefer beside the values
>    in each line, for example
> 
>    Frame Number : 1    Time : 0.0000
>    Frame Number : 2    Time : 0.0012
>     ..
>    can any body suggest me a way to get it?

tshark -Tfields and awk are your friends:

$ tshark -r test.cap -Tfields -e frame.number -e frame.time_delta | awk -F"\t" '{printf("Frame number : %d\tTime : %s\n", $1, $2)}'

 Frame number : 1        Time : 0.000000000
 Frame number : 2        Time : 1.446395000
 Frame number : 3        Time : 0.023743000
 Frame number : 4        Time : 1.001695000
 Frame number : 5        Time : 0.962079000
 Frame number : 6        Time : 0.288887000
 Frame number : 7        Time : 0.041947000
 Frame number : 8        Time : 0.768174000

Hope this helps,
Cheers,
    Sake

References:
- Re: [Wireshark-users] writing some text to Tshark output file
  - From: Maryam Homayouni

Prev by Date: Re: [Wireshark-users] writing some text to Tshark output file
Next by Date: Re: [Wireshark-users] writing some text to Tshark output file
Previous by thread: Re: [Wireshark-users] writing some text to Tshark output file
Next by thread: [Wireshark-users] Problem exporting data
Index(es):
- Date
- Thread