wireshark_extract_fields
Extract specific network packet fields from PCAP files as structured tabular data for analysis using customizable filters and pagination.
Instructions
[Tabular] Extract specific fields as comma/tab-separated data.
Args:
- fields: Comma-separated field names (e.g. "ip.src,tcp.port,http.host")
- display_filter: Optional filter (e.g. "http.request.method == POST")
- limit: Max rows to return (default: 100)
- offset: Skip first N rows (pagination)
Returns: Tabular text output or JSON error
Errors:
- FileNotFound: pcap_file does not exist
- ExecutionError: Field extraction failed
Example: wireshark_extract_fields("file.pcap", "ip.src,ip.dst,tcp.port", display_filter="tcp")
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
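| pcap_file | Yes | PCAP file to read (e.g. "file.pcap") | |
| fields | Yes | Comma-separated field names (e.g. "ip.src,tcp.port,http.host") | |
| display_filter | No | Optional filter (e.g. "http.request.method == POST") | |
| limit | No | Max rows to return | 100 |
| offset | No | Skip first N rows (pagination) | |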