This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

expert info

0	Is there a way to use wireshark/tshark with options to generate the "analyze->expert info" output for an input/existing PCAP file? thanks info expert asked 07 Feb '13, 16:32 donlex 11●1●1●2 accept rate: 0%

One Answer:

Unfortunately that functionality is not implemented. The best you can do is this:

tshark -nr input.pcap -z expert -q

and/or

tshark -nr input.pcap -R "expert" -T fields -e frame.number -e expert -E occurrence=a

Regards
Kurt

answered 07 Feb '13, 16:44

Kurt Knochner ♦
24.8k●10●39●237
accept rate: 15%

edited 08 Feb '13, 02:02

The development version does have a tshark tap for this. e.g.

tshark -2 -r input.pcap -zexpert,<min-severity> -q

where min-severity can be error error | warn | note | chat

(08 Feb '13, 01:35) MartinM

The development version does have a tshark tap for this. e.g.

hm.. that option is already in the version 1.8.x. See my first example in the answer. Is the output different in the development version?

(08 Feb '13, 02:01) Kurt Knochner ♦

Oops, sorry, I didn't spot that your first example already uses it, and hadn't checked that it was already in 1.8. There have been no changes to the code for this since the 1.8 branch was created, so the form of the output would be the same.

If the functionality that the question wanted is not implemented, what is it that they are looking for?

(08 Feb '13, 04:31) MartinM

If the functionality that the question wanted is not implemented, what is it that they are looking for?

good question. Let's wait for an update of the OP.

(08 Feb '13, 12:05) Kurt Knochner ♦