This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Extracting Arrival Time and Source

I have managed to get a reasonably specific capture filter working and now I need to get some very specific information out of the results.

My Capture filter limits the traffic to a specific TCP port.

How can I write out to something like a CSV file, just the following 2 fields (although they are from different data levels):

  • Arrival Time from Frame
  • Source from Internet Protocol Version 4

Thanks in anticipation.

Alan

asked 15 Oct '14, 20:22

Alan Eth


One Answer:

Using tshark, have a look at the -T fields and -e fieldname options, i.e. -T fields -e frame.time -e ip.src. The field names for the -e options are display filter field names, which can be easily determined using Wireshark by inspecting the field in the packet details display and looking at the field info at the bottom left of the status bar, where the filter name is in parentheses.

If you want to do this using Wireshark, you will have to arrange that only the required columns are on display, then from the menu select File | Export Packet Dissections | As CSV, and in the options dialog uncheck "Packet details".

answered 16 Oct '14, 06:09

grahamb ♦
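
The tshark route from the answer above, written out as an added example that is not part of the original thread. The function name, its arguments, reading from a saved capture with -r, and restricting to one TCP port with -Y are assumptions; the -E options are added so the output is valid CSV even though frame.time contains a comma.

```shell
#!/bin/sh
# Added example, not from the original thread.
# export_time_src, its argument order and the port check are assumptions.

# Usage: export_time_src <capture-file> <tcp-port> > out.csv
export_time_src() {
    pcap=$1
    port=$2

    # Fail early with a clear message if the capture cannot be read.
    [ -r "$pcap" ] || { echo "cannot read capture: $pcap" >&2; return 2; }

    # The port is interpolated into a display filter, so accept only a plain
    # decimal number (no leading zero, at most five digits) up to 65535.
    case $port in
        ''|0*|*[!0-9]*|??????*)
            echo "invalid TCP port: $port" >&2; return 2 ;;
    esac
    [ "$port" -le 65535 ] || { echo "invalid TCP port: $port" >&2; return 2; }

    # -T fields / -e select the two columns; the -E options make real CSV:
    #   header=y     first row holds the field names
    #   separator=,  comma instead of the default tab
    #   quote=d      double-quote each value, because frame.time is printed
    #                as a date such as "Oct 15, 2014 ..." with a comma in it
    # Frames without an IPv4 layer (for example IPv6) give an empty ip.src.
    tshark -r "$pcap" -Y "tcp.port == $port" \
        -T fields -e frame.time -e ip.src \
        -E header=y -E separator=, -E quote=d
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    export_time_src "$1" "$2"
fi
```

If a numeric timestamp is easier to process than the formatted date, frame.time_epoch can be used in place of frame.time.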