This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

conversion of pcap to text file

Hi I am using wireshark version 1.0.2 in unix.I Want to convert pcap to text file using command "tshark -r filename.pcap -O tcp -x > filename.txt",but the command is not working for me.

Could you please tell me what command I should give to make it work in wireshark 1.0.2 version.

Thanks Ram

command-line

asked 09 Sep '14, 22:59

ramkumarbarai
1●2●2●2
accept rate: 0%

One Answer:

The -O option was only introduced in Wireshark 1.6.0 so you can't use that in version 1.0.2 (assuming that wasn't a typo).

In 1.0.2 you'll have to do something like tshark -r filename.pcap -V -x > filename.txt. "-V" will decode/expand all the protocol layers, though. If you want just TCP to be expanded you'll need to upgrade.

answered 10 Sep '14, 07:47

JeffMorriss ♦
6.2k●5●72
accept rate: 27%