diff options
| author | Moshe Kaplan <me@moshekaplan.com> | 2019-05-05 21:49:43 -0400 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2019-05-07 15:33:17 +0000 |
| commit | 14796202a82ac12331be0c5d350c80997feab2ee (patch) | |
| tree | 81c56c867d70b4651b5c92fb9a8cbf081f85c363 /doc | |
| parent | a90cc3309c750bf0de8a3a592609c5d52869fb10 (diff) | |
Update tshark man pages for -j and -J
Change-Id: I221013d5948c4c699b1721441b54a05dc5ff2ce2
Reviewed-on: https://code.wireshark.org/review/33089
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/tshark.pod | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/doc/tshark.pod b/doc/tshark.pod index 5e100a6758..296d7b65ea 100644 --- a/doc/tshark.pod +++ b/doc/tshark.pod @@ -616,17 +616,18 @@ this option. =item -j E<lt>protocol match filterE<gt> Protocol match filter used for ek|json|jsonraw|pdml output file types. -Parent node containing multiple child nodes is only included, -if the name is found in the filter. +Only the protocol's parent node is included. Child nodes are only +included if explicitly specified in the filter. -Example: B<tshark -j "ip ip.flags text"> +Example: B<tshark -j "ip ip.flags http"> =item -J E<lt>protocol match filterE<gt> Protocol top level filter used for ek|json|jsonraw|pdml output file types. -Parent node containing multiple child nodes is included with all children. +The protocol's parent node and all child nodes are included. +Lower-level protocols must be explicitly specified in the filter. -Example: B<tshark -J "http tcp"> +Example: B<tshark -J "tcp http"> =item -K E<lt>keytabE<gt> @@ -842,7 +843,8 @@ Set the format of the output when viewing decoded packet data. The options are one of: B<ek> Newline delimited JSON format for bulk import into Elasticsearch. -It can be used with B<-j> or B<-J> including the JSON filter or with +It can be used with B<-j> or B<-J> to specify +which protocols to include or with B<-x> to include raw hex-encoded packet data. If B<-P> is specified it will print the packet summary only, with both B<-P> and B<-V> it will print the packet summary and packet details. @@ -869,15 +871,15 @@ form specified by the B<-E> option. For example, would generate comma-separated values (CSV) output suitable for importing into your favorite spreadsheet program. -B<json> JSON file format. It can be used with B<-j> or B<-J> including -the JSON filter or with B<-x> option to include raw hex-encoded packet -data. Example of usage: +B<json> JSON file format. It can be used with B<-j> or B<-J> to specify +which protocols to include or with B<-x> option to include +raw hex-encoded packet data. Example of usage: tshark -T json -r file.pcap tshark -T json -j "http tcp ip" -x -r file.pcap B<jsonraw> JSON file format including only raw hex-encoded packet data. -It can be used with B<-j> including or B<-J> the JSON filter option. +It can be used with B<-j> or B<-J> to specify which protocols to include. Example of usage: tshark -T jsonraw -r file.pcap |