
I am trying to automate the exporting of full dissections of a pcap to a .txt file using tshark. I am aware of the file->export packet dissections as option, but I am working to automate that. Right now I have tshark -X lua_script: -r > . The files enclosed in <> are paths. The lone > is the command for printing text. It will export packet summaries but not the full dissection. Is there any way to export the full dissection to the command line? These sample lines are what is exported right now:

 1 0.000000000 02:00:00:00:00:67 -> IPv4mcast_01:05:ee 0x8903 1467 Data Center Ethernet (DCE) protocol(Cisco)
 2 0.000001180 10.81.130.23 -> 239.1.5.238  ST 1451 Messages: 14
 3 0.006327070 02:00:00:00:00:67 -> IPv4mcast_01:05:ee 0x8903 1467 Data Center Ethernet (DCE) protocol(Cisco)
 4 0.006328250 10.81.130.23 -> 239.1.5.238  ST 1451 Messages: 14
 5 0.019039770 02:00:00:00:00:67 -> IPv4mcast_01:05:ee 0x8903 1467 Data Center Ethernet (DCE) protocol(Cisco)

This is what I want the exports to look like:

  No.     Time           Source                Destination           Protocol Length Info
  2 0.000001180    10.81.130.23          239.1.5.238           ST       1451   Messages: 14

Frame 2: 1451 bytes on wire (11608 bits), 1451 bytes captured (11608 bits)
Ethernet II, Src: Solarfla_0e:e4:a1 (00:0f:53:0e:e4:a1), Dst: IPv4mcast_01:05:ee (01:00:5e:01:05:ee)
Internet Protocol Version 4, Src: 10.81.130.23 (10.81.130.23), Dst: 239.1.5.238 (239.1.5.238)
User Datagram Protocol, Src Port: 43464 (43464), Dst Port: 25238 (25238)
ST Block
Block Header
    Sanity: 23559 (Should be 23559)
    Header Version (Major: 0 Minor: 1)
    Header Size in Bytes: 19
    Payload Size in Bytes: 1386
    Messages: 14
    Environment Id: 0
    Feed Id: 1 (Uqdf)
    Compression Type: 0
    Sender Id: 1
    Sequence: 37495844
Message Header
    Header Version (Major: 0 Minor: 1)
    Header Length in Bytes: 31
    Msg Type: 1 (Equity Quote)
    Message Version (Major: 0 Minor: 1)
    Msg Length in Bytes: 68
    Flags: 0
    Data Type: 1 (Equity)
    Feed Id: 1 (Uqdf)
    Feed Line: 1
    Feed Seq Num: 7123431
    Feed Sub Seq Num: 0
    Exchange Time (10:59:59.978517000)
        High: 9220
        Low: 380047880

Note: this is what the packet dissections look like when using file->export packet dissections.

Thank you in advance!


1 Answer


After looking at the problem I have figured it out. It is tshark -X lua_script:filename -r p.pcap -V -T text > file.txt.

The key was the -V, as that prints packet details.
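
A batch form of the command from the answer above, as an added example that is not part of the original thread: it runs tshark with -V over every .pcap in a directory and writes one text file per capture. The function name, its argument order and the output layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example: batch-export full packet dissections with tshark.
# Assumed (not from the thread): the function name export_dissections,
# its argument order, and the <name>.pcap -> <name>.txt output layout.

# export_dissections CAPTURE_DIR OUT_DIR [LUA_SCRIPT]
# Returns non-zero if tshark failed on any capture.
export_dissections() {
    capture_dir=$1
    out_dir=$2
    lua_script=${3:-}
    failed=0

    mkdir -p "$out_dir" || return 2

    for pcap in "$capture_dir"/*.pcap; do
        [ -e "$pcap" ] || continue      # the glob matched nothing
        out="$out_dir/$(basename "$pcap" .pcap).txt"

        # -V prints the full detail tree instead of the one-line summary.
        set -- -r "$pcap" -V -T text
        # Load the custom Lua dissector only when a path was supplied.
        if [ -n "$lua_script" ]; then
            set -- -X "lua_script:$lua_script" "$@"
        fi

        # Write to a temporary file first so a failed or truncated run
        # never leaves a partial .txt that looks like a complete export.
        if tshark "$@" > "$out.tmp"; then
            mv "$out.tmp" "$out"
        else
            echo "tshark failed on $pcap" >&2
            rm -f "$out.tmp"
            failed=1
        fi
    done
    return "$failed"
}
```

Call it as export_dissections ./captures ./dissections ./dissector.lua, where the three paths are placeholders for your own directories and Lua file.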