What are tshark's default output fields?

Question

I'm trying to expand tshark's output. On the first round I haven't found simple solution, only that one can extract a field by the -e option, so the following command outputs

• frame number
• time from beginning of capture
• source ip address
• destination ip address
• http request uri
• and the http content lenght, which I want to add to the default output.

tshark -T fields -e frame.number -e frame.time_relative -e ip.src -e ip.dst http.request.uri -e http.content_length

My problem is, that I can't find the default output field names or an option that leaves them and append the desired fields to it.

It's not mandatory, but would be nice to know : )

Answer 1

This is not exactly the default output but comes quite close:

tshark -T fields -e frame.number -e frame.time_delta -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -e ip.len -e _ws.col.Info