You can also do this with editcap: editcap -F k12text a.pcap a. So, if you want to read the pcap file and write it out as a "K12 text format" file, you can do it with tshark -F k12text -r a.pcap -w a.txt However, from a user-interface sense, it's more like "Save As." in Wireshark, because it's a capture file format. "K12 text format" is a text packet capture format it's what some Tektronix equipment can write out - in that sense, it's similar to writing out the raw hex data, plus some metadata. So there's no such thing as "the" text format to save a pcap file as there are a bunch of choices. a C source file showing the raw hex data of the packets, with each packet being in a separate C array of byte values.a JSON file showing the details of each packet.a PDML file showing, as XML, the components of the details of each packet.a PSML file showing, as XML, the components of the packet summaries Using TShark command tshark.exe -r input.pcap -z follow,udp,raw,0 -w output.a CSV file of particular fields from the packet I am unable to load a pcap file into the GUI of Wireshark via a command line load, using run of wireshark.exe.a CSV file of columns from the packet summaries.a combination of two of those, or of all three of those.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |