> wireshark GUI supports byte selection by means of indexing an protocol > field in display filters, e.g.: > > "gsm_map.ms.autn[6] == 0x80" > > is it possible to use expressions indexed like shown above for tshark > fields specified with -e option? what is the syntax for it?
Yes it is, and it supports the same syntax, ie "-T fields -e eth.dst[0:3]" would output the OUI of the ethernet destination. Please note that you need tshark v4.4.0 or later. Cheers, Sake _______________________________________________ Wireshark-dev mailing list -- wireshark-dev@wireshark.org To unsubscribe send an email to wireshark-dev-le...@wireshark.org
