On Thu, Jan 23, 2014 at 05:38:09PM +0100, Matteo Arnò wrote:
> I would like to convert a pcapng into text (from command line) for
> automated parsing using a SW tool.
>
> Is there any way to display the column headers for EACH packet, when
> converting the pcap to txt file using Tshark?
>
> i.e. I want this line:
> No. Time Source Destination
> Protocol Length Info
>
> above the information related to each packet.
>
> I tried -T fields with -e options, but apparently the header is only
> displayed in the first line of the txt file. I need it to be displayed with
> each packet (as it happens with the manual "export packet dissections" from
> wireshark).
tshark -r rtsp.pcap -Tfields -Eheader=y -e <field1> -e <field2> ... | perl -ne 'if ($header) { print "$header$_"; } else { $header=$_; }'
Ciao
Jörg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.