On 1 mrt 2011, at 23:52, Gilsinn, James D. wrote: > I’m trying to find out if there’s a file somewhere that lists all of the > available Wireshark filters? I’m developing an application that uses TShark > to filter capture files based on certain criteria and returns with PSML files > that can be read and used for additional analysis. Since I’m using TShark in > a hands-off approach on Windows, I’d like to be able to do some syntax > checking of the filter before I start the TShark process to make sure that it > doesn’t come back with an error simply because someone typed “fraem” instead > of “frame”. Is there a list of all the protocol filters available for use? > > I’ve found the “wireshark-filter.html” file which lists all the protocols, > but that would require some pretty complicated processing to parse the HTML. > What I’d like to see is a text or XML file that lists all of the > capture/display filters in one file by themselves. XML would probably be > easier to parse, since some additional fields could be added without really > affecting the ease of importing the data.
You can use tshark -G for this purpose: sake@MacSake:~$ tshark -G fields | cut -f 3 | head ieee1722 ieee1722.cdfield ieee1722.subtype ieee1722.svfield ieee1722.verfield ieee1722.mrfield ieee1722.gvfield ieee1722.tvfield ieee1722.seqnum ieee1722.tufield sake@MacSake:~$ Hope this helps, Cheers, Sake ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
