This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark -T ek or JSON export in a development version

Hi guys

I'm deploying a dev version of Wireshark on Ubuntu, and I'm using a SAP dissector plugin for this version. I wanted to use tshark to convert some pcaps into EK JSON format, but it seems that the version does not support -T ek nor JSON export.

The question is: is there any possibility to upgrade the tshark for the current installation? Also, would this special dissector be included in the EK export by default, or will I need further work within the Mapping?

Many thanks

This question is marked "community wiki".

asked 21 Nov '16, 04:54

Zalabany


One Answer:

Hi,

If your tshark version does not support -T ek or -T json, it means that it is older than version 2.2.0 and cannot be considered anymore as a development version (current development versions are labeled 2.3.0). This can be double-checked by running the following command:

tshark -v

And check the version printed. Maybe you have a globally installed tshark version that takes precedence over your development one? Which version are you supposed to have installed?

The various output formats can be checked by running:

tshark -h

If you compiled a version with EK/JSON output format support, you can run it from the build folder (and eventually make an alias). The following link gives you some tips on how to generate a .deb installer from the source code but it might not be an easy task. If you want to upgrade, ensure to uninstall the previous version first (you cannot upgrade tshark alone as it relies on some shared libraries that are in common with the Wireshark GUI).

Any dissector should be part of the EK output without any change as long as it is seen with any other output format (-T pdml for example).

answered 21 Nov '16, 06:08

Pascal Quantin
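The checks described in the answer above, as an added example that is not part of the original post: it walks PATH in order so that a globally installed tshark shadowing a development build is visible, and compares each version against the 2.2.0 threshold the answer gives. The function names are hypothetical and the two sample banners are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): find every tshark on PATH and
# report whether it is new enough (>= 2.2.0, per the answer) for -T ek / -T json.

# Extract the first x.y.z number from the first line of `tshark -v` output.
parse_tshark_version() {
    printf '%s\n' "$1" | head -n 1 | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 if version $1 is >= 2.2.0, 1 if older, 2 if it could not be parsed.
supports_ek() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 2 ]; }
}

# Walk PATH in lookup order: the first line printed is the binary the shell
# actually runs, so an old global install ahead of a dev build shows up first.
list_tsharks() {
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        bin="$dir/tshark"
        [ -x "$bin" ] || continue
        ver=$(parse_tshark_version "$("$bin" -v 2>/dev/null)")
        if supports_ek "$ver"; then
            echo "$bin ${ver} ek/json: yes"
        else
            echo "$bin ${ver:-unknown} ek/json: no"
        fi
    done
    IFS=$old_ifs
}

list_tsharks

# Constructed sample banners (not captured from a real system), so the version
# check can be seen working on a machine without tshark installed.
for banner in 'TShark 1.12.1 (Git Rev Unknown from unknown)' \
              'TShark (Wireshark) 2.2.0 (constructed sample)'; do
    v=$(parse_tshark_version "$banner")
    if supports_ek "$v"; then echo "sample $v: ek/json yes"; else echo "sample $v: ek/json no"; fi
done
```

If the first binary listed is too old while a later one is not, call the newer one by its full path or alias it, as the answer suggests for a build-folder binary.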