Diffstat (limited to 'doc/tshark.pod')
-rw-r--r-- doc/tshark.pod 28
1 files changed, 21 insertions, 7 deletions
diff --git a/doc/tshark.pod b/doc/tshark.pod
index 4138d9b1f5..8f1b77d158 100644
--- a/doc/tshark.pod
+++ b/doc/tshark.pod
@@ -545,11 +545,18 @@ this option.
=item -j E<lt>protocol match filterE<gt>
-Protocol match filter used for ek|json|pdml output file types.
+Protocol match filter used for ek|json|jsonraw|pdml output file types.
Parent node containing multiple child nodes is only included,
if the name is found in the filter.
-Example: B<-j "http tcp ip">
+Example: B<-j "ip ip.flags text">
+
+=item -J E<lt>protocol match filterE<gt>
+
+Protocol top level filter used for ek|json|jsonraw|pdml output file types.
+Parent node containing multiple child nodes is included with all children.
+
+Example: B<-J "http tcp">
=item -K E<lt>keytabE<gt>
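Review bot: The new -J item reuses the argument placeholder "protocol match filter" from -j, while its description calls it a "Protocol top level filter", so the two options look identical in the synopsis line. Consider naming the -J argument "protocol top level filter" in the =item line, and adding a sentence to one of the two entries that states the difference directly (-j includes a parent node only when its name is in the filter, -J includes a matched parent together with all of its children). The -j example also changes here to "ip ip.flags text", while the usage examples under -T further down still pass -j "http tcp ip"; picking one filter string for all of them would make the documentation easier to follow.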
@@ -741,14 +748,14 @@ was captured
The default format is relative.
-=item -T ek|fields|json|pdml|ps|psml|text
+=item -T ek|fields|json|jsonraw|pdml|ps|psml|text
Set the format of the output when viewing decoded packet data. The
options are one of:
B<ek> Newline delimited JSON format for bulk import into Elasticsearch.
-It can be used with B<-j> including the JSON filter or with B<-x> flag
-to include raw packet data.
+It can be used with B<-j> or B<-J> including the JSON filter or with
+B<-x> flag to include raw hex-encoded packet data.
Example of usage to import data into Elasticsearch:
tshark -T ek -j "http tcp ip" -x -r file.pcap > file.json
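Review bot: The reworded sentence "It can be used with B<-j> or B<-J> including the JSON filter or with B<-x> flag ..." is hard to parse, because "including the JSON filter" reads as if it modifies the option names. Something like "It can be used with B<-j> or B<-J> to apply a protocol filter, or with the B<-x> flag to include raw hex-encoded packet data" would be clearer. The usage example that follows still shows only -j, so a second example line using -J would document the option this change introduces.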
@@ -762,13 +769,20 @@ form specified by the B<-E> option. For example,
would generate comma-separated values (CSV) output suitable for importing
into your favorite spreadsheet program.
-B<json> JSON file format. It can be used with B<-j> including
-the JSON filter or with B<-x> flag to influde raw packet data.
+B<json> JSON file format. It can be used with B<-j> or B<-J> including
+the JSON filter or with B<-x> flag to include raw hex-encoded packet data.
Example of usage:
tshark -T json -r file.pcap
tshark -T json -j "http tcp ip" -x -r file.pcap
+B<jsonraw> JSON file format including only raw hex-encoded packet data.
+It can be used with B<-j> including or B<-J >the JSON filter flag.
+Example of usage:
+
+ tshark -T jsonraw -r file.pcap
+ tshark -T jsonraw -j "http tcp ip" -x -r file.pcap
+
B<pdml> Packet Details Markup Language, an XML-based format for the details of
a decoded packet. This information is equivalent to the packet details
printed with the B<-V> flag.