Wireshark-users: [Wireshark-users] Reporting with Wireshark

From: "Abel, Jacob" <jabel@xxxxxxxxxxxxxxxxx>
Date: Mon, 11 Jul 2011 15:07:40 -0400

Hello all,
I’m using Wireshark to dump out capture files at regular intervals. I’m going to merge the in and out traffic together with mergecap and then I want to process the data with tshark. I only need basic information, but the PSML format doesn’t provide quite enough. I need port numbers in addition to that basically. I’ve been trying to sort of emulate the PSML output, but need help with the filters. There are way too many and searching doesn’t really help. This is what I have so far:
tshark -r test.pcap -T fields -E header=y -e ip.src -e ip.dst -e udp.port -e tcp.port -e frame.len > test.txt
In addition to this information, I need the time (seconds, hh:mm:ss, doesn’t matter) and the protocol, for starters. It would also be nice to see the info field as well, if it exists.
Thanks in advance,

Jacob
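Added example, not from the original post or from the Wireshark project: a PSML-like per-packet report that carries time, protocol, info and port numbers, built from tshark's `-T fields` output and folded into one sport/dport pair with awk. It assumes a tshark new enough to expose the summary columns as `_ws.col.Protocol` and `_ws.col.Info` fields (later than the 2011 releases this thread dates from); `merged.pcap`, `in.pcap` and `out.pcap` are hypothetical file names, and the three sample packets are constructed, not captured output.

```shell
#!/bin/sh
# Added example (not from the original post): PSML-style report with ports.
# Assumes a tshark that provides the _ws.col.* column fields; file names
# below are hypothetical.

# One -e per column. "-e tcp.port" alone prints BOTH ports of a packet
# (comma-joined), so ask for srcport/dstport separately instead.
TSHARK_FIELDS='-e frame.number -e frame.time_relative -e ip.src -e tcp.srcport -e udp.srcport -e ip.dst -e tcp.dstport -e udp.dstport -e _ws.col.Protocol -e frame.len -e _ws.col.Info'

# Command line for one capture. -E occurrence=f keeps only the first value
# of a field that occurs twice (e.g. ip.src in an ICMP error that quotes the
# offending IP header). Swap frame.time_relative for frame.time to get a
# wall-clock stamp instead of seconds since the start of the capture.
report_cmd() {
  printf 'tshark -r %s -T fields -E header=y -E separator=/t -E occurrence=f %s\n' "$1" "$TSHARK_FIELDS"
}

# Fold the separate tcp.*/udp.* port columns into one sport/dport pair.
# Reads the tab-separated tshark output (header line first) on stdin.
fold_ports() {
  awk -F'\t' -v OFS='\t' '
    NR == 1 { print "no", "time", "src", "sport", "dst", "dport", "proto", "len", "info"; next }
    {
      sport = ($4 != "") ? $4 : $5   # tcp.srcport, else udp.srcport, else empty
      dport = ($7 != "") ? $7 : $8   # tcp.dstport, else udp.dstport, else empty
      print $1, $2, $3, sport, $6, dport, $9, $10, $11
    }'
}

# Run the report against a capture when tshark is installed.
run_report() {
  if command -v tshark >/dev/null 2>&1; then
    tshark -r "$1" -T fields -E header=y -E separator=/t -E occurrence=f $TSHARK_FIELDS | fold_ports
  else
    printf 'tshark not found; would run: %s\n' "$(report_cmd "$1")" >&2
    return 1
  fi
}

# Constructed sample in the shape "tshark -T fields -E header=y" emits:
# a TCP SYN, a DNS query over UDP, and an ICMP echo with no ports at all.
sample_input() {
  printf 'frame.number\tframe.time_relative\tip.src\ttcp.srcport\tudp.srcport\tip.dst\ttcp.dstport\tudp.dstport\t_ws.col.Protocol\tframe.len\t_ws.col.Info\n'
  printf '1\t0.000000000\t10.0.0.5\t51234\t\t10.0.0.9\t80\t\tTCP\t74\t51234 > 80 [SYN] Seq=0\n'
  printf '2\t0.003120000\t10.0.0.5\t\t53001\t10.0.0.1\t\t53\tDNS\t71\tStandard query 0x1a2b A example.com\n'
  printf '3\t0.010500000\t10.0.0.9\t\t\t10.0.0.5\t\t\tICMP\t98\tEcho (ping) request\n'
}

# Offline demonstration on the constructed sample:
sample_input | fold_ports
```

Against real captures the flow is `mergecap -w merged.pcap in.pcap out.pcap` followed by `run_report merged.pcap > report.txt`. Packets without an IP layer (ARP, for instance) come out with empty src/dst cells, which is the same behaviour the post's own `-e ip.src -e ip.dst` command already has.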