Richard Sharpe <realrichardsharpe@...> writes:
> Sure, I can do the search, and I did, but the actual info I am
> interested in, like the priority, etc, is buried among 230 entries and
> I have to patiently scroll until I find it.
>
> That is hard to do.

I see your point. My attempt using tshark didn't produce very good results either.

    tshark -r kdcqueries.pcap -Y dns.resp.addr -T fields -e frame.number -e dns.resp.name -e dns.resp.addr

There does seem to be a limitation in the search feature where it only finds a packet containing a match, but not each highlighted matching instance of the search criteria within a packet when you "search next/previous".
