[prev in list] [next in list] [prev in thread] [next in thread]
List: wireshark-users
Subject: Re: [Wireshark-users] Strip off protocol layers
From: sean bzd <seanbzd () gmail ! com>
Date: 2012-02-07 19:32:06
Message-ID: CAHLZz_qgmzkn7b_sbPiav7fbdVSp18sC7rJ500shkRRuuDO7fQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Thank you so much. Thats exactly what i needed. I earlier went through the
documentation for tshark but missed that option.
On Tue, Feb 7, 2012 at 1:30 PM, j.snelders <j.snelders@telfort.nl> wrote:
> Hi Sean,
>
> You can use the option -O
>
> $ tshark -h
> -O protocols: Only show packet details of these protocols, comma separated
>
> $ tshark -r Clmt_04.pcap -O http -V > clmt_04a.txt
> $ tshark -r Clmt_04.pcap -O tcp,http -V > clmt_04b.txt
>
> BTW
> I'm running TShark 1.6.5
>
> Best regards
> Joke
>
>
> On Tue, 7 Feb 2012 12:45:49 -0500 sean wrote:
> >Hi,
> >I'm using tshark to convert .pcap to .txt format using the -r option and
> >redirecting the output to a file. eg. tshark -r file.pcap -V>file.txt
> >The problem is that the size of the txt file is about 30x larger than the
> >pcap since I'm using the -V(erbose) option. I'm wondering if there is a
> way
> >to strip off some of the protocol headers that I'm not interested in. e.g.
> >I want to strip off the 'Frame', 'Ethernet' and 'IP' protocol layers
> before
> >redirecting the output to a txt. Is that possible? Another idea is to
> >selectively expand (Verbose) only the protocols i'm interested in. Is any
> >of this possible. If yes, i'd appreciate some advice. Thanks a lot.
> >Sean.
>
>
>
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@wireshark.org
> ?subject=unsubscribe
>
[Attachment #5 (text/html)]
Thank you so much. Thats exactly what i needed. I earlier went through the \
documentation for tshark but missed that option.<br><br><div class="gmail_quote">On \
Tue, Feb 7, 2012 at 1:30 PM, j.snelders <span dir="ltr"><<a \
href="mailto:j.snelders@telfort.nl">j.snelders@telfort.nl</a>></span> wrote:<br> \
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hi Sean,<br> <br>
You can use the option -O<br>
<br>
$ tshark -h<br>
-O protocols: Only show packet details of these protocols, comma separated<br>
<br>
$ tshark -r Clmt_04.pcap -O http -V > clmt_04a.txt<br>
$ tshark -r Clmt_04.pcap -O tcp,http -V > clmt_04b.txt<br>
<br>
BTW<br>
I'm running TShark 1.6.5<br>
<br>
Best regards<br>
Joke<br>
<div><div class="h5"><br>
<br>
On Tue, 7 Feb 2012 12:45:49 -0500 sean wrote:<br>
>Hi,<br>
>I'm using tshark to convert .pcap to .txt format using the -r option and<br>
>redirecting the output to a file. eg. tshark -r file.pcap -V>file.txt<br>
>The problem is that the size of the txt file is about 30x larger than the<br>
>pcap since I'm using the -V(erbose) option. I'm wondering if there is \
a<br> way<br>
>to strip off some of the protocol headers that I'm not interested in. \
e.g.<br> >I want to strip off the 'Frame', 'Ethernet' and \
'IP' protocol layers before<br> >redirecting the output to a txt. Is that \
possible? Another idea is to<br> >selectively expand (Verbose) only the protocols \
i'm interested in. Is any<br> >of this possible. If yes, i'd appreciate \
some advice. Thanks a lot.<br> >Sean.<br>
<br>
<br>
<br>
<br>
<br>
</div></div>___________________________________________________________________________<br>
Sent via: Wireshark-users mailing list <<a \
href="mailto:wireshark-users@wireshark.org">wireshark-users@wireshark.org</a>><br>
Archives: <a href="http://www.wireshark.org/lists/wireshark-users" \
target="_blank">http://www.wireshark.org/lists/wireshark-users</a><br>
Unsubscribe: <a href="https://wireshark.org/mailman/options/wireshark-users" \
target="_blank">https://wireshark.org/mailman/options/wireshark-users</a><br>
mailto:<a \
href="mailto:wireshark-users-request@wireshark.org">wireshark-users-request@wireshark.org</a>?subject=unsubscribe<br>
</blockquote></div><br>
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic