I am trying to use tshark to export text files from a pcap with the same amount of information as I would get from Wireshark -> File -> Export Packet Dissections -> As Plain Text.
When I use `tshark -r input.pcap -T text`, the output is only the information line and nothing from the body of the packet.
When using `tshark -r input.pcap -T text -V`, there is too much detail to process and it is not condensed like the Wireshark export (the answer of `-PV2r` generates the full verbose data).
I tried `-T fields` with `-e`, but the problem is that the protocols of the packets will differ between pcaps, and it is not possible to define all the fields manually.
In other words, is there a way to control the amount of information produced by the `-V` flag in tshark?
Thanks for the help in advance.
```
tshark -r input.pcap -T text
tshark -r input.pcap -T text -V
tshark -r input.pcap -T fields -e field1 -e field2
tshark -PV2r input.pcap
```
Have you looked into using the `-O <protocols>` option? If you only want the packet summary line to be printed for each protocol, you can specify a non-existent protocol such as `tshark -O foo -r input.pcap`, but if you're interested in the details of one or more protocols, you can list the ones you're interested in. Refer to the tshark man page for more details about this option.
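
A complementary way to trim verbose output, as an added example that is not part of the answer above or of tshark itself: a Python filter that drops `-V` (or `-O`) detail lines nested deeper than a chosen level. It assumes tshark's text output indents each tree level by four spaces; `condense`, `INDENT` and the sample packet are constructed for illustration.

```python
import sys

INDENT = 4  # assumption: tshark -V indents each tree level by 4 spaces


def condense(lines, max_depth=1):
    """Yield only detail lines nested at most max_depth levels deep.

    Depth 0 is a protocol heading (Frame, Ethernet II, ...), depth 1 its
    direct fields, and so on. Blank lines (packet separators) are kept.
    """
    for line in lines:
        text = line.rstrip("\n")
        if not text.strip():
            yield ""
            continue
        depth = (len(text) - len(text.lstrip(" "))) // INDENT
        if depth <= max_depth:
            yield text


# Constructed sample in the layout of `tshark -V` output, not a real capture.
SAMPLE = """\
Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
    Encapsulation type: Ethernet (1)
    [Protocols in frame: eth:ethertype:ip:tcp]
Ethernet II, Src: 02:00:00:00:00:01, Dst: 02:00:00:00:00:02
    Destination: 02:00:00:00:00:02
        .... ..1. .... .... .... .... = LG bit: Locally administered address
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.0.2.10, Dst: 192.0.2.20
    Flags: 0x40, Don't fragment
        .1.. .... = Don't fragment: Set
    Time to Live: 64
"""


def main():
    # Usage: tshark -r input.pcap -V | python3 condense.py [max_depth]
    max_depth = int(sys.argv[1]) if len(sys.argv) > 1 else 1
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for out in condense(source, max_depth):
        print(out)


if __name__ == "__main__":
    main()
```

Run without piped input, it prints the condensed form of the built-in sample; a depth of 0 keeps only the per-protocol heading lines.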