This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark command line to extract field for selected packets and output in file

1

How can I run wireshark from the command line to open a file, and output a file containing only the udp.length of every DNS packet?

asked 26 Oct '10, 16:29

skypemesm


One Answer:

1

You might want to take a look at rawshark or at tshark's "-T fields" option.

answered 26 Oct '10, 16:47

Gerald Combs ♦♦

tshark -R "dns" -r abc.pcap -T fields -e udp.length

(26 Oct '10, 17:38) skypemesm
2

And if you want to do the same for live traffic, try...

tshark -T fields -e udp.length -f "port 53"

Throw a > udplength.txt to export the info to a text file.

(26 Oct '10, 19:38) lchappell ♦
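
An added example, not part of the original thread: a shell helper that summarizes the udplength.txt file the commands above produce. The "dns" display filter also matches DNS over TCP, and for those packets "-T fields -e udp.length" prints an empty line, so the helper counts them separately. The function name and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Summarizes a file produced by:
#   tshark -r abc.pcap -R "dns" -T fields -e udp.length > udplength.txt
# (newer tshark releases use -Y for the display filter instead of -R)

# udp_len_summary FILE   (hypothetical helper name)
# Prints: packets=<n> no_udp=<n> bad=<n> min=<bytes> max=<bytes>
udp_len_summary() {
    awk '
        /^[ \t]*$/ { blank++; next }   # packet matched "dns" but has no udp.length (DNS over TCP)
        /^[0-9]+$/ {                   # one udp.length value per line
            n++
            if (n == 1 || $1 < min) min = $1
            if (n == 1 || $1 > max) max = $1
            next
        }
        { bad++ }                      # anything that is not a plain number
        END {
            printf "packets=%d no_udp=%d bad=%d min=%d max=%d\n", n, blank, bad, min, max
        }
    ' "$1"
}

# Constructed sample: three DNS-over-UDP packets and one DNS-over-TCP packet.
sample=$(mktemp)
printf '%s\n' 41 57 '' 129 > "$sample"
udp_len_summary "$sample"
rm -f "$sample"
```

The udp.length value is the UDP header's own length field, so it covers the 8-byte UDP header plus the DNS payload.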