
TL;DR: Pipe tshark output in any format (-T) into your Python program and parse it there.

I am currently working on a project called pdml2flow which might be of help for you as well. For the project I rely on the pdml output (XML) from tshark, which is piped into pdml2flow:

    $ tshark -i interface -Tpdml | pdml2flow +json

I chose pdml because it was the most complete and stable when I started. But these days many output formats such as json or postscript are also possible. From tshark(1):

    -T ek|fields|json|jsonraw|pdml|ps|psml|tabs|text

Set the format of the output when viewing decoded packet data.

ek: Newline delimited JSON format for bulk import into Elasticsearch. It can be used with -j or -J including the JSON filter or with -x to include raw hex-encoded packet data. It will print the packet summary only, with both -P and -V it will print the packet summary and packet details. Used it will print the packet details only.
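Piping tshark -Tpdml output into a Python program, as an added example that is not part of the original answer and is not pdml2flow's code: a streaming parser that turns each packet into a dictionary of field values. The sample PDML document and the function names iter_packets and flows are constructed for illustration.

```python
import io
import sys
import xml.etree.ElementTree as ET

# Constructed sample of `tshark -T pdml` output, trimmed to a few fields.
SAMPLE_PDML = b"""<?xml version="1.0"?>
<pdml>
 <packet>
  <proto name="ip">
   <field name="ip.src" show="192.0.2.10"/>
   <field name="ip.dst" show="198.51.100.7"/>
  </proto>
  <proto name="tcp">
   <field name="tcp.flags" show="0x0002">
    <field name="tcp.flags.syn" show="1"/>
   </field>
  </proto>
 </packet>
 <packet>
  <proto name="ip">
   <field name="ip.src" show="198.51.100.7"/>
   <field name="ip.dst" show="192.0.2.10"/>
  </proto>
 </packet>
</pdml>
"""

def iter_packets(stream):
    """Yield one {field name: show value} dict per <packet>, as it arrives."""
    for _event, elem in ET.iterparse(stream, events=("end",)):
        if elem.tag == "packet":
            fields = {}
            # iter() also walks nested <field> elements (e.g. tcp.flags.syn).
            for field in elem.iter("field"):
                if field.get("name"):  # skip fields without a name
                    fields.setdefault(field.get("name"), field.get("show"))
            yield fields
            elem.clear()  # release the packet's subtree once it is consumed

def flows(stream):
    """Return the sorted, distinct (ip.src, ip.dst) pairs in the capture."""
    return sorted({(p["ip.src"], p["ip.dst"])
                   for p in iter_packets(stream) if "ip.src" in p and "ip.dst" in p})

if __name__ == "__main__":
    # Live use: tshark -i interface -Tpdml | python3 this_script.py
    source = io.BytesIO(SAMPLE_PDML) if sys.stdin.isatty() else sys.stdin.buffer
    for pkt in iter_packets(source):
        print(pkt.get("ip.src"), "->", pkt.get("ip.dst"))
```

Because iterparse emits each packet as soon as its closing tag is read, the loop keeps up with a live capture instead of waiting for tshark to exit.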
