On Jan 10, 2008 3:38 PM, Martin Mathieson <[EMAIL PROTECTED]> wrote: > > > On Jan 10, 2008 3:29 PM, Sake Blok <[EMAIL PROTECTED]> wrote: > > > On Thu, Jan 10, 2008 at 03:05:19PM +0100, Marc Luethi wrote: > > > On Wed, 2008-01-09 at 16:02 -0700, Stephen Fisher wrote: > > > > On Wed, Jan 09, 2008 at 11:45:33PM +0100, Marc Luethi wrote: > > > > > > > > > tshark -r file.pcap -T fields -e data > > > > > > > > > > This yields to output in hex, which I could cope with, but it > > lacks > > > > > the timestamp. > > > > > > > > You could add -e frame.time to get the frame's arrival time also > > > > > > That's great! Thanks a lot! > > > > > > Now I still wonder if I could get ASCII-output of the data field > > instead > > > of hex? I mean ASCII in the same way as it interpreted when using -V > > or > > > -x. > > > > > > I said I could cope with Hex, but it's another layer of complexity, > > > since I'll get the data strings to search for as ASCII, and it could > > > save us one conversion step. > > > > How'bout: > > > > tshark -r <capture-file> -T fields -e frame.time -e data |\ > > grep `echo -n "<ascii-string>" | xxd -p` |\ > > cut -f 1 > > > > Hex-conversion on the fly and resulting in only the timestamps ;-) > > > > Cheers, > > Sake > > > > Now I know why you're presenting "Advanced Scripting and Command Line > Usage with tshark and Related Utilities" at Sharkfest next year :) > > Martin > >
This year, I mean.
_______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
