
Wireshark command line to extract field for selected packets and output in file


How can I run wireshark from the command line to open a file, and output a file containing only the udp.length of every DNS packet?

asked 26 Oct '10, 16:29

skypemesm

accept rate: 0%

One Answer:


You might want to take a look at rawshark or at tshark's "-T fields" option.

answered 26 Oct '10, 16:47


Gerald Combs ♦♦
accept rate: 24%

tshark -R "dns" -r abc.pcap -T fields -e udp.length

(26 Oct '10, 17:38) skypemesm

and if you want to do the same for live traffic, try...

tshark -T fields -e udp.length -f "port 53"

throw a > udplength.txt to export the info to a text file

(26 Oct '10, 19:38) lchappell ♦
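
The commands from this thread combined into one script, as an added example that is not part of the original answers. It assumes a tshark release that accepts -Y for a single-pass display filter (current releases keep -R for two-pass analysis with -2); the function names are hypothetical, and the file names in the usage comment are the ones used in the thread.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: a tshark release that accepts -Y (single-pass display filter).

# Write the udp.length of every DNS-over-UDP packet in a capture file to
# OUTFILE, one value per line.
# Usage: dns_udp_lengths_file CAPTURE OUTFILE
dns_udp_lengths_file() {
    capture=$1
    outfile=$2
    if [ ! -r "$capture" ]; then
        echo "cannot read capture: $capture" >&2
        return 2
    fi
    # "dns && udp" leaves out DNS over TCP, which has no udp.length field and
    # would otherwise show up as empty lines in the output.
    tshark -r "$capture" -Y "dns && udp" -T fields -e udp.length > "$outfile"
}

# The same for live traffic: capture COUNT packets on IFACE, then stop.
# Usage: dns_udp_lengths_live IFACE COUNT OUTFILE
dns_udp_lengths_live() {
    iface=$1
    count=$2
    outfile=$3
    # "udp port 53" keeps TCP port 53 out at capture time; -Y dns then drops
    # anything on that port that does not dissect as DNS.
    tshark -i "$iface" -c "$count" -f "udp port 53" -Y dns \
        -T fields -e udp.length > "$outfile"
}

# Run directly: ./dns_udp_lengths.sh abc.pcap udplength.txt
if [ "$#" -eq 2 ]; then
    dns_udp_lengths_file "$1" "$2"
fi
```

Live capture normally needs capture privileges on the chosen interface.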