This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Using tshark with -o “column.format: choosing few fields

0

Hello Group,

I would like to produce output based on few fields i choose to pick, I found out searching the internet that -o "column.format:\"Info\",\"%i\"" for info column my question is how or is it possible to chain few more fields like Time , source, destination,info ,protocol , Ack Rtt etc... just to a quick notice i currently working under Windows

Please advice

Thanks

asked 18 Oct '14, 05:41

tbaror's gravatar image

tbaror
10121215
accept rate: 0%

One Answer:

1

Look at the -T fields and -e xxx options. Note that you can apply as many -e options as you wish.

answered 18 Oct '14, 07:01

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%