Get Data same as Wireshark using Tshark

tshark.exe -i 1 -P -V -S \"End of Packet\" -x

gives all the required data of the packet, packet detail as well as packet bytes

but how can I split the Frames Ethernet IP Version TCP


tried using :

-E<fieldsoption>=<value> set options for output when -Tfields selected:
 header=y|n            switch headers on and off
 separator=/t|/s|<char> select tab, space, printable character as separator
 occurrence=f|l|a      print first, last or all occurrences of each field
 aggregator=,|/s|<char> select comma, space, printable character as

Thanks, in advance

asked 19 Nov '14, 01:59

accept rate: 0%

One Answer:


You must add a -T fields parameter to use -E and -e. What did you try?

answered 19 Nov '14, 02:15

grahamb
accept rate: 22%

edited 19 Nov '14, 02:25

no I didn't added -T fields

can you show me an example if you have?

(19 Nov '14, 02:19) erarijit

I've corrected my answer a bit. Use -T fields to switch to fields mode, use -E to set field options such as separator and quotes and then use multiple -e fieldname parameters to specify the fields.

There are examples of the parameters in the tshark man page, and Google and this site should show you lots more.

(19 Nov '14, 02:30) grahamb ♦