Hi all, I have been attempting to use TShark in a batch method to process a significant number of pcap files to .csv files. I am aware that this can be done using the "-T fields" approach, or just as "-T text". However, the output I want is just as it would be presented in Wireshark, i.e. an overall source, not just an IP or Ethernet address, etc. I'd also like to include the information field, and I would also like to not lose the granularity of the protocol, and have this displayed in text, as opposed to an index. Does anyone have any suggestions about how to do this?
asked 12 Mar '12, 02:05 TimeLord86 edited 12 Mar '12, 02:05
It's not entirely clear which fields you want, i.e. what do you mean by "overall source, not just IP or Ethernet address"? The "granularity of the protocol" isn't clear either.
If you explain your requirements more clearly someone may be able to help.