Wireshark-users: Re: [Wireshark-users] Get expert info from tshark

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Thu, 12 Oct 2017 16:37:14 +0200
Hi Zhao,

2017-10-12 2:28 GMT+02:00 Zhao Lin <zlbinghamton@xxxxxxxxx>:
> Hi,
>
> I have been trying to get expert info on tshark but without much luck. The command that I use is
>
> tshark -r file.pcap -z expert,warn -q
>
> While this command does provide me the summary of warnings, I also want to know the packet number(s) associated with each warning/error as in the GUI. Is this doable?

You can give the following command line a try and adapt it to your needs:

tshark -r file.pcap -Y '_ws.expert.severity == "Warning"' -T fields -e frame.number -e _ws.expert

Best regards,
Pascal
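
An added example, not part of the original e-mail: a shell sketch that groups frame numbers under each expert message, closer to the GUI's Expert Information view. The function names, the `|` aggregator choice and the sample rows are assumptions made for illustration; the rows are constructed, not taken from a real capture.

```shell
#!/bin/sh
# Added example (not from the thread): group frame numbers by expert message.

# expert_fields FILE (hypothetical wrapper): one line per matching frame,
# "frame.number<TAB>message[|message...]". A frame that carries several expert
# items lists every message, not only the warnings.
expert_fields() {
    tshark -r "$1" -Y '_ws.expert.severity == "Warning"' \
        -T fields -E 'aggregator=|' -e frame.number -e _ws.expert.message
}

# group_by_message: reads that output on stdin and prints
# "count<TAB>message<TAB>frame,frame,..." in first-seen order.
group_by_message() {
    awk -F '\t' '
        NF >= 2 {
            n = split($2, msgs, "[|]")
            for (i = 1; i <= n; i++) {
                m = msgs[i]
                if (m == "" || (m, $1) in seen) continue
                seen[m, $1] = 1
                if (!(m in count)) order[++k] = m
                count[m]++
                frames[m] = (frames[m] == "" ? $1 : frames[m] "," $1)
            }
        }
        END {
            for (i = 1; i <= k; i++)
                printf "%d\t%s\t%s\n", count[order[i]], order[i], frames[order[i]]
        }'
}

# Constructed sample rows standing in for expert_fields output.
sample_fields() {
    printf '12\tConnection reset (RST)\n'
    printf '40\tPrevious segment(s) not captured (common at capture start)|Connection reset (RST)\n'
    printf '57\tConnection reset (RST)\n'
}

sample_fields | group_by_message
```

On a real capture, run `expert_fields file.pcap | group_by_message`.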