I want to parse only the fields that I want with Tshark, using the tshark command below:
The result is:
The above format is difficult to analyze and filter.
What I need is to separate this information into rows as below:
Is there any solution for my problem?
asked 02 Jan '17, 01:31
edited 03 Jan '17, 00:34
I asked a similar question on this point a few years ago, where there are multiple Diameter AVP values of the same type in the same packet, and from that the intent was to generate per-record rows: https://ask.wireshark.org/questions/21428/tshark-e-output-how-to-bind-value-to-a-protocol-container
In short, Tshark's -T fields option alone can't really accomplish this, since you have two Diameter-level containers in the same packet, meanwhile Tshark is just looking for all occurrences of a given attribute indiscriminately of where they appear in the packet itself.
My solution back then was to use -O, and to write a Perl script to do the work of putting each unique Diameter container into its own array to then print out columns. It's likely that MATE or a Lua script could be written to achieve something like this, although I haven't personally explored either option. Tshark can't do this, though.
answered 02 Jan '17, 15:37
edited 02 Jan '17, 15:38
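The approach described in the answer above (post-process `tshark -O diameter` text output so that each Diameter container becomes its own row) could look like the following. This is an added example, not the answerer's Perl script; it is written in Python, the sample input is constructed and simplified, and the column names in `WANTED` are assumptions, since the fields from the original command are not shown on the page.

```python
import csv
import io
import re

# Constructed, simplified `tshark -O diameter` output: one frame, two Diameter messages.
SAMPLE = """\
Frame 1: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits)
Stream Control Transmission Protocol, Src Port: 3868 (3868), Dst Port: 3868 (3868)
Diameter Protocol
    Command Code: 272 Credit-Control
    Hop-by-Hop Identifier: 0x0000a001
    AVP: Session-Id(263) l=24 f=-M- val=host-a.example;1
        Session-Id: host-a.example;1
Diameter Protocol
    Command Code: 272 Credit-Control
    Hop-by-Hop Identifier: 0x0000a002
    AVP: Session-Id(263) l=24 f=-M- val=host-b.example;7
        Session-Id: host-b.example;7
"""

# Field labels to turn into columns (assumed; replace with the ones you need).
WANTED = ["Command Code", "Hop-by-Hop Identifier", "Session-Id"]
FIELD = re.compile(r"^\s+([^:]+): (.*)$")

def diameter_rows(text, wanted=WANTED):
    """Return one dict per 'Diameter Protocol' container, tagged with its frame."""
    rows, current, frame = [], None, None
    for line in text.splitlines():
        if line.startswith("Frame "):
            frame = line.split(":", 1)[0].split()[1]
        if line and not line[0].isspace():
            # An unindented line starts a new protocol layer and closes any open container.
            current = None
            if line.strip() == "Diameter Protocol":
                current = {"frame": frame}
                rows.append(current)
            continue
        m = FIELD.match(line)
        if current is not None and m and m.group(1) in wanted:
            # Keep the first occurrence of each wanted label inside this container.
            current.setdefault(m.group(1), m.group(2).strip())
    return rows

def to_csv(rows, wanted=WANTED):
    """Render the per-container rows as CSV text, one line per Diameter message."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["frame"] + wanted, restval="")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(diameter_rows(SAMPLE)), end="")
```

For a real capture, the text saved from `tshark -r <capture> -O diameter` would be passed to `diameter_rows` in place of `SAMPLE`.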