With that command line, you'll get exactly those fields, but be aware that some lines, such as those with ARP packets, won't have IP addresses (because they're not IP packets), and that IPv6 packets won't show IP addresses because those field names ( ip.src and ip.dst) are only for IPv4. So with that approach in mind, you could use this: tshark -r -2 -Tfields -eip.src -eip.dst -eframe.protocols When I've done that sort of thing before, I typically use tshark to extract the data and then other tools (Python, Perl, awk, etc.) to further refine the resulting data.
0 kommentar(er)
