This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I run wireshark from the command line to open a file, and output a file containing only the udp.length of every DNS packet?

asked 26 Oct '10, 16:29

skypemesm's gravatar image

skypemesm
46669
accept rate: 0%


You might want to take a look at rawshark or at tshark's "-T fields" option.

permanent link

answered 26 Oct '10, 16:47

Gerald%20Combs's gravatar image

Gerald Combs ♦♦
3.3k92258
accept rate: 24%

tshark -R "dns" -r abc.pcap -T fields -e udp.length

(26 Oct '10, 17:38) skypemesm
2

and if you want to do the same for live traffic, try...

tshark -T fields -e udp.length -f "port 53"

throw a > udplength.txt to export the info to a text file

(26 Oct '10, 19:38) lchappell ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×166
×109
×26

question asked: 26 Oct '10, 16:29

question was seen: 8,968 times

last updated: 26 Oct '10, 20:17

p​o​w​e​r​e​d by O​S​Q​A