Hi, I have done some command-line capturing of WLAN packets with dumpcap. Would like to use a display filter in tshark to extract some info in a table. Have found out how to get the MAC addresses for example, but I'm looking for a full list of header fields to be able to get other things out as well. The only thing I have come across this far is this documentation of display filter (for Wireshark, not tshark): https://www.wireshark.org/docs/dfref/w/wlan_mgt.html https://www.wireshark.org/docs/dfref/w/wlan_aggregate.html https://www.wireshark.org/docs/dfref/w/wlan_mgt.html Though, these filters don't work well whey I try them out in tshark. And what I get to work is not listed on these pages. So I suspect that the filters in tshark look different than in Wireshark. Is this correct? And is there a complete list of tshark WLAN filters to find somewhere? Thanks! Sam asked 05 Mar '15, 20:43  SamA edited 05 Mar '15, 20:58 |
One Answer:
To get a complete list of fields (for all protocols, so it's very big), use:
answered 06 Mar '15, 02:22  grahamb ♦ |
the fields are the same. What exactly is not working with tshark and what is your tshark version (-v)?