All,
    I am trying to extract fields from pcap files using tshark.  I am currently 
using a format like this:

tshark -r pcapfile -R "tcp.port eq xxx" -Tfields -e field1 -e field2


I don't see the fields I wanted listed on the Wireshark display filter 
reference listing, and when looking at the pcap files after conversion to PDML, 
the fields show up like this:

<field name="" show="data I want">

I can extract the data from PDML since I can use regular expressions in Python 
to retrieve it, but I would rather get it from the pcap file instead of having 
to convert it to PDML and extract it.  Any way I can do this using tshark at 
the command line? 

Thanks,
    Mark, [EMAIL PROTECTED]
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
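
Added example (not part of the original post): for the PDML route described above, an XML parser is more robust than regular expressions because it decodes entities and reaches nested fields. The sample PDML, the protocol name `exampleproto` and the port numbers are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `tshark -T pdml` output (not real capture data).
SAMPLE_PDML = b"""<?xml version="1.0"?>
<pdml>
 <packet>
  <proto name="frame"><field name="frame.number" show="1"/></proto>
  <proto name="tcp">
   <field name="tcp.srcport" show="40000"/><field name="tcp.dstport" show="9000"/>
  </proto>
  <proto name="exampleproto">
   <field name="" show="Session id: 17 &lt;admin&gt;"/>
   <field name="exampleproto.len" show="12"><field name="" show="Payload: hello"/></field>
  </proto>
 </packet>
 <packet>
  <proto name="frame"><field name="frame.number" show="2"/></proto>
  <proto name="tcp">
   <field name="tcp.srcport" show="40001"/><field name="tcp.dstport" show="80"/>
  </proto>
  <proto name="exampleproto"><field name="" show="Other traffic"/></proto>
 </packet>
</pdml>
"""

def unnamed_fields(pdml_stream, port=None):
    """Yield (frame number, protocol, show text) for each field whose name is empty.

    pdml_stream is a binary file object; port, if given, keeps only packets
    whose TCP source or destination port matches.
    """
    for _event, packet in ET.iterparse(pdml_stream, events=("end",)):
        if packet.tag != "packet":
            continue
        # Named fields of this packet, used for the frame number and port filter.
        named = {f.get("name"): f.get("show") for f in packet.iter("field") if f.get("name")}
        ports = {named.get("tcp.srcport"), named.get("tcp.dstport")}
        if port is None or str(port) in ports:
            for proto in packet.findall("proto"):
                for field in proto.iter("field"):  # iter() also reaches nested fields
                    if field.get("name") == "" and field.get("show") is not None:
                        yield named.get("frame.number"), proto.get("name"), field.get("show")
        packet.clear()  # drop the finished packet's children to limit memory use

if __name__ == "__main__":
    # Reads PDML from standard input, e.g. piped from `tshark -r pcapfile -T pdml`.
    for frame, proto, text in unnamed_fields(sys.stdin.buffer):
        print(frame, proto, text, sep="\t")
```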
