On 21 sep 2010, at 08:54, yuva raj wrote:
> Can -z option could be of any help? Because we have been using tethereal for a longer time. We prefer not to discontinue it. Please help me in this regard. Atleast if possible, please provide examples for using -z option.
tshark has all the functionality of tethereal (it is the same code but under a different name due to trademark ownership by Gerald's previous employer).
(See: http://netsecurity.about.com/od/securitytoolprofiles/p/wireshark.htm )
There are possibilities to use -z to display specific columns, but only the ones that tethereal provides. ip.ttl and ip.frag_offset are not among them. For those you need custom columns, which is a feature added to tethereal after the name has been changed to tshark.
The only way to extract those fields IMHO is to output the whole tree with -V or -T pdml and parse the output with a script. But I would really go for the tshark option...
Cheers,
Sake