On Thu, Oct 25, 2007 at 12:47:09PM -0400, Jack Foster wrote:
>
> I'm trying to get tshark to display the default summary line plus the MAC
> src and dest. My plan was to figure out the default output and then
> replicate that with the MAC src/dst on the end.
>
> So right now, "tshark -i eth1" produces:
> 1193330549.066964 192.168.0.41 -> 192.168.0.161 TCP 48689 > ssh [ACK]
> Seq=288 Ack=332016 Win=2156 Len=0 TSV=24044291 TSER=690089954
>
> I would like to have that same line with "11:22:33:44:55:66 ->
> 66:55:44:33:22:11" on the end.
>
> I think it should be done like this:
> tshark -i eth1 -T fields -e timestamp -e ip.src -e ip.dst -e protocol -e
> info -e eth.src -e eth.dst
>
> Obviously this doesn't work. Any ideas?

Why don't you set the column-format with the -o column.format:<format>
argument? Here's what I think you wanted:

[EMAIL PROTECTED] ~ $ tshark -i 5 -o column.format:'"No.","%m","Time","%t","Source","%s","Destination","%d","Protocol","%p","Info","%i","src","%uhs","dst","%uhd"'
Capturing on eth0
0.000000 10.31.100.95 -> 10.31.100.201 SMB Logoff AndX Request 00:11:43:78:fd:26 -> 00:13:72:50:4a:56
0.000448 10.31.100.201 -> 10.31.100.95 SMB Logoff AndX Response 00:13:72:50:4a:56 -> 00:11:43:78:fd:26

Cheers,
Sake
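
A parser for the summary lines that the column.format above produces, added here as an example and not part of the original thread. It reads the MAC pair from the end of the line because the Info column is free text, and it collects the MAC addresses seen for each IP; the function names and the TCP sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# The trailing MAC pair is anchored at end of line: the Info column is free
# text and may itself contain ">" or "->" (e.g. "48689 > ssh [ACK]").
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
LINE = re.compile(
    r"^\s*(?:\d+\s+)?"  # optional frame number (the "No." column)
    r"(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"(?P<proto>\S+)\s+(?P<info>.*?)\s*"
    rf"(?P<hw_src>{MAC})\s+->\s+(?P<hw_dst>{MAC})\s*$",
    re.IGNORECASE,
)

def parse_line(line):
    """Return the columns of one summary line, or None for other output."""
    m = LINE.match(line)
    if m is None:
        return None  # e.g. the "Capturing on eth0" banner
    rec = m.groupdict()
    rec["time"] = float(rec["time"])
    rec["hw_src"] = rec["hw_src"].lower()
    rec["hw_dst"] = rec["hw_dst"].lower()
    return rec

def macs_by_ip(lines):
    """Map each IP to the set of MACs it appeared with. For hosts beyond
    the local segment the MAC is the router's, not the host's."""
    seen = defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        seen[rec["src"]].add(rec["hw_src"])
        seen[rec["dst"]].add(rec["hw_dst"])
    return dict(seen)

SAMPLE = [
    "Capturing on eth0",
    # the two output lines shown in the reply above
    "0.000000 10.31.100.95 -> 10.31.100.201 SMB Logoff AndX Request "
    "00:11:43:78:fd:26 -> 00:13:72:50:4a:56",
    "0.000448 10.31.100.201 -> 10.31.100.95 SMB Logoff AndX Response "
    "00:13:72:50:4a:56 -> 00:11:43:78:fd:26",
    # constructed line: Info contains ">" as in the question's TCP summary
    "1193330549.066964 192.168.0.41 -> 192.168.0.161 TCP 48689 > ssh [ACK] "
    "Seq=288 11:22:33:44:55:66 -> 66:55:44:33:22:11",
]

if __name__ == "__main__":
    for ip, macs in sorted(macs_by_ip(SAMPLE).items()):
        print(ip, sorted(macs))
```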