On Thu, Jan 10, 2008 at 03:05:19PM +0100, Marc Luethi wrote:
> On Wed, 2008-01-09 at 16:02 -0700, Stephen Fisher wrote:
> > On Wed, Jan 09, 2008 at 11:45:33PM +0100, Marc Luethi wrote:
> >
> > > tshark -r file.pcap -T fields -e data
> > >
> > > This yields to output in hex, which I could cope with, but it lacks
> > > the timestamp.
> >
> > You could add -e frame.time to get the frame's arrival time also
>
> That's great! Thanks a lot!
>
> Now I still wonder if I could get ASCII-output of the data field instead
> of hex? I mean ASCII in the same way as it interpreted when using -V or
> -x.
>
> I said I could cope with Hex, but it's another layer of complexity,
> since I'll get the data strings to search for as ASCII, and it could
> save us one conversion step.

How'bout:

    tshark -r <capture-file> -T fields -e frame.time -e data |\
        grep `echo -n "<ascii-string>" | xxd -p` |\
        cut -f 1

Hex-conversion on the fly and resulting in only the timestamps ;-)

Cheers,
    Sake
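
Added example (not part of the original thread, and not Wireshark's own code): the same hex-on-the-fly search as a shell function that keeps the search string on one line (xxd -p wraps after 30 bytes) and only accepts matches that start on a byte boundary. The function names and the sample lines are constructed for illustration; it assumes the data field is printed as hex, as the command above does.

```shell
#!/bin/sh
# to_hex: hex-encode stdin as one unbroken lowercase string, so a long
# search string does not get split into several patterns.
to_hex() {
    od -An -v -tx1 | tr -d ' \n'
}

# match_times NEEDLE: read "time<TAB>hexdata" lines on stdin (the shape of
# `tshark -r file.pcap -T fields -e frame.time -e data`) and print the time
# of every frame whose payload contains NEEDLE starting on a byte boundary.
match_times() {
    needle_hex=$(printf '%s' "$1" | to_hex)
    [ -n "$needle_hex" ] || return 2
    awk -F '\t' -v pat="$needle_hex" '
    {
        hex = tolower($2)
        gsub(/[^0-9a-f]/, "", hex)      # tolerate separators such as ":"
        off = 0; rest = hex
        while ((i = index(rest, pat)) > 0) {
            # positions are 1-based: an odd position is the start of a byte
            if ((off + i) % 2 == 1) { print $1; break }
            off += i; rest = substr(rest, i + 1)
        }
    }'
}

# Constructed sample input, not a real capture. The second payload is the
# bytes 04 74 55 40: its hex text contains "474554" ("GET") shifted by one
# nibble, so a plain grep on the hex would report it as a hit.
sample() {
    printf 'Jan 10, 2008 15:05:19.000001\t%s\n' "$(printf 'GET /index' | to_hex)"
    printf 'Jan 10, 2008 15:05:19.000002\t%s\n' '04745540'
}

sample | match_times 'GET'
```
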