Hi guys, I'm deploying a dev version of Wireshark on Ubuntu, and I'm using a SAP dissector plugin for this version. I wanted to use tshark to convert some pcaps into EK JSON format, but it seems that the version does not support -T ek nor JSON export.

The question is: is there any possibility to upgrade tshark for the current installation? Also, would this special dissector be included in the EK export by default, or will I need further work within the mapping?

Many thanks

asked 21 Nov '16, 04:54 Zalabany
One Answer:
Hi, if your tshark version does not support -T ek or -T json, it means that it is older than version 2.2.0 and cannot be considered a development version anymore (current development versions are labeled 2.3.0). This can be double-checked by running the following command
And check the version printed. Maybe you have a globally installed tshark version that takes precedence over your development one? Which version are you supposed to have installed? The various output formats can be checked by running
If you compiled a version with EK/JSON output format support, you can run it from the build folder (and eventually make an alias). The following link gives you some tips on how to generate a .deb installer from the source code, but it might not be an easy task. If you want to upgrade, make sure to uninstall the previous version first (you cannot upgrade tshark alone as it relies on some shared libraries that are in common with the Wireshark GUI).

Any dissector should be part of the EK output without any change as long as it is seen with any other output format (-T pdml for example).

answered 21 Nov '16, 06:08 Pascal Quantin