
I am trying to programmatically capture a stream of packets by using Tshark. The simplified terminal command I am using is:

tshark -i 2 -w output.pcap

This is pretty straightforward, but I then need to get a .csv file in order to easily analyze the information captured. By opening the .pcap file in Wireshark and exporting it in .csv what I get is a file structured as follows:


but, again, I need to do this in an automatic way. So I tried using the command:

tshark -r output.pcap -T fields -e frame.number -e ip.src -e ip.dst -e frame.len -e frame.time -e frame.time_relative -E header=y -E separator=, > output.csv

but I cannot find anywhere the name of the "Info" field I get when manually exporting the .csv. Any ideas? Thanks!

There is no name for the Info field, because it is not a filterable field like ip.src, frame.time, etc. You can find an overview of all the display filters in the Display Filter Reference. – user684451
I went through the whole list yesterday and I was afraid I would not find it, as the Info field is not a filterable entity. But when I manually export the .pcap to .csv the Info entry is there, so there must be a way I can use in order to select it with the terminal command. – whiplash

2 Answers


Yes, you can if you use the latest Development Release.
See Wireshark Bug 2892.
Download the Development Release Version 1.9.0.

Use the following command:
$ tshark -i 2 -T fields -e frame.time -e col.Info

Feb 28, 2013 20:58:24.604635000 Who has Tell
Feb 28, 2013 20:58:24.678963000 Who has Tell

In -e col.Info, use a capital I.
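
The answer's col.Info field combined with the field list from the question, as an added example (not code from the original posts). It adds `-E quote=d`, which neither command on the page uses, because both frame.time ("Feb 28, 2013 ...") and the Info text can contain commas that would otherwise shift the CSV columns. The function names and the sample rows are constructed for illustration.

```python
import csv
import io
import subprocess
import sys

# Field list from the question, plus the Info column from the answer.
# Later Wireshark releases renamed col.Info to _ws.col.Info; change it here if needed.
INFO_FIELD = "col.Info"
FIELDS = ["frame.number", "ip.src", "ip.dst", "frame.len",
          "frame.time", "frame.time_relative", INFO_FIELD]


def tshark_csv_argv(pcap):
    """Build the tshark argv that exports FIELDS from a capture file as quoted CSV."""
    argv = ["tshark", "-r", pcap, "-T", "fields"]
    for name in FIELDS:
        argv += ["-e", name]
    # quote=d wraps every value in double quotes, so commas inside
    # frame.time and Info stay within a single cell.
    return argv + ["-E", "header=y", "-E", "separator=,", "-E", "quote=d"]


def parse_rows(text):
    """Parse the quoted CSV text into a list of dicts keyed by field name."""
    return list(csv.DictReader(io.StringIO(text)))


# Constructed sample of the command's output (documentation address ranges).
SAMPLE = (
    'frame.number,ip.src,ip.dst,frame.len,frame.time,frame.time_relative,col.Info\n'
    '"1","192.0.2.10","198.51.100.7","66","Feb 28, 2013 20:58:24.604635000",'
    '"0.000000000","49152 > 80 [SYN] Seq=0 Win=8192 Len=0"\n'
    '"2","198.51.100.7","192.0.2.10","66","Feb 28, 2013 20:58:24.678963000",'
    '"0.074328000","80 > 49152 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0"\n'
)

if __name__ == "__main__":
    if len(sys.argv) > 1:   # real run: pass the path of a capture file
        out = subprocess.run(tshark_csv_argv(sys.argv[1]), check=True,
                             capture_output=True, text=True).stdout
    else:                   # offline demo on the constructed sample
        out = SAMPLE
    for row in parse_rows(out):
        print(row["frame.number"], row["frame.time"], row[INFO_FIELD], sep=" | ")
```

Splitting the second sample row on bare commas yields nine pieces for seven fields, which is the misalignment the quoting prevents.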


How about directly exporting the packets to a csv file?

sudo tshark > fileName.csv