Install tshark (Wireshark) Ver.3.4.0 on CentOS7 --It must be "ps", "text", "pdml", "psml" or "fields".

Goal: use tshark's JSON output (-T json). The tshark already on the system, version 1.10.14, rejects it:

$ tshark -r testcap_2020-12-14_05-34-54.pcap -T json
tshark: Invalid -T parameter.
It must be "ps", "text", "pdml", "psml" or "fields".
$ tshark -v
TShark 1.10.14 (Git Rev Unknown from unknown)

(output abridged)

Commands run

Install the required rpm packages

sudo yum install libgcrypt-devel glib2-devel qt-devel qt5-qtbase-devel \
                 qt5-linguist qt5-qtmultimedia-devel qt5-qtsvg-devel \
                 libcap-devel libcap-ng-devel gnutls-devel krb5-devel \
                 libxml2-devel lua-devel lz4-devel snappy-devel spandsp-devel \
                 libssh2-devel bcg729-devel libmaxminddb-devel sbc-devel \
                 libsmi-devel libnl3-devel libnghttp2-devel libssh-devel \
                 libpcap-devel c-ares-devel redhat-rpm-config rpm-build \
                 gtk+-devel gtk3-devel desktop-file-utils portaudio-devel \
                 rubygem-asciidoctor docbook5-style-xsl docbook-style-xsl \
                 systemd-devel python3 cmake3 git gcc gcc-c++ flex bison \
                 doxygen gettext-devel libxslt cmake wget -y

Build and install cmake3

wget https://github.com/Kitware/CMake/releases/download/v3.19.1/cmake-3.19.1.tar.gz
tar zxvf cmake-3.19.1.tar.gz
cd cmake-3.19.1
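# /opt is root-owned, so create the install prefix with sudo (one mkdir -p is enough)
sudo mkdir -p /opt/cmake3/3.19.1
./configure --prefix=/opt/cmake3/3.19.1
# compile as the normal user; only the install step needs root
make
sudo make install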
/opt/cmake3/3.19.1/bin/cmake --version
sudo ln -s /opt/cmake3/3.19.1/bin/cmake /usr/bin/cmake3
ls -lasF /usr/bin/cmake3 
$ cmake3 --version
cmake version 3.19.1

CMake suite maintained and supported by Kitware (kitware.com/cmake).
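
The tarball fetched above is compiled and then installed with sudo, so it is worth checking before ./configure runs. The following is an added example, not part of the original post: a fail-closed check of a download against a SHA-256 manifest in sha256sum format. The manifest name cmake-3.19.1-SHA-256.txt in the usage comment is an assumption (the checksum file published beside the release tarball), and verify_from_manifest is a hypothetical helper name.

```shell
# Added example: verify a downloaded tarball against a SHA-256 manifest
# (lines of "<hex digest>  <filename>", the format sha256sum prints).

# verify_from_manifest FILE MANIFEST
# Returns 0 only if MANIFEST has exactly one entry for FILE's basename and
# that digest matches the file on disk. Every other case fails closed.
# Assumes the file name contains no spaces.
verify_from_manifest() {
    local file=$1 manifest=$2 name expected actual matches
    [ -f "$file" ] && [ -f "$manifest" ] || return 2
    name=$(basename "$file")

    # Exact file-name match on column 2 (a leading "*" marks binary mode).
    matches=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                                f == n { print tolower($1) }' "$manifest")

    # No entry at all, or more than one entry for the name: refuse.
    [ "$(printf '%s\n' "$matches" | grep -c .)" -eq 1 ] || return 3
    expected=$matches

    # A SHA-256 digest is exactly 64 hex characters.
    printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$' || return 4

    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Usage for the download step on this page (manifest name is an assumption;
# fetch it over HTTPS from the same release page as the tarball):
#   verify_from_manifest cmake-3.19.1.tar.gz cmake-3.19.1-SHA-256.txt || exit 1
```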

Build and install tshark

sudo su - 
cd /root
git clone https://github.com/wireshark/wireshark.git
cd wireshark
git checkout tags/wireshark-3.4.0

mkdir -p ~/temp/wireshark-3.4.0
mkdir -p /opt/wireshark/3.4.0
cd ~/temp/wireshark-3.4.0
cmake3 -DCMAKE_INSTALL_PREFIX=/opt/wireshark/3.4.0 -LH /root/wireshark
make
make install
# ls -lasF /opt/wireshark/3.4.0/bin/
total 123432
     0 drwxr-xr-x 2 root root       228 Dec 14 05:17 ./
     0 drwxr-xr-x 6 root root        58 Dec 14 05:17 ../
   128 -rwxr-xr-x 1 root root    129248 Dec 14 05:16 capinfos*
    52 -rwxr-xr-x 1 root root     52576 Dec 14 05:16 captype*
   392 -rwxr-xr-x 1 root root    401088 Dec 14 05:16 dumpcap*
   168 -rwxr-xr-x 1 root root    168088 Dec 14 05:16 editcap*
   144 -rwxr-xr-x 1 root root    145272 Dec 14 04:50 idl2wrs*
    84 -rwxr-xr-x 1 root root     83296 Dec 14 05:16 mergecap*
    24 -rwxr-xr-x 1 root root     24448 Dec 14 04:50 mmdbresolve*
    88 -rwxr-xr-x 1 root root     89216 Dec 14 05:16 randpkt*
   400 -rwxr-xr-x 1 root root    409056 Dec 14 05:16 rawshark*
    72 -rwxr-xr-x 1 root root     73248 Dec 14 05:16 reordercap*
   708 -rwxr-xr-x 1 root root    723984 Dec 14 05:16 sharkd*
   132 -rwxr-xr-x 1 root root    134120 Dec 14 04:50 text2pcap*
  1396 -rwxr-xr-x 1 root root   1428032 Dec 14 05:04 tshark*
119644 -rwxr-xr-x 1 root root 122511856 Dec 14 05:16 wireshark*
# /opt/wireshark/3.4.0/bin/tshark --version
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 3.4.0 (v3.4.0-0-g9733f173ea5e)

(output abridged)
$ /opt/wireshark/3.4.0/bin/tshark -r testcap_2020-12-14_05-34-54.pcap -T ABC
tshark: Invalid -T parameter "ABC"; it must be one of:
	"fields"  The values of fields specified with the -e option, in a form
	          specified by the -E option.
	"pdml"    Packet Details Markup Language, an XML-based format for the
	          details of a decoded packet. This information is equivalent to
	          the packet details printed with the -V flag.
	"ps"      PostScript for a human-readable one-line summary of each of
	          the packets, or a multi-line view of the details of each of
	          the packets, depending on whether the -V flag was specified.
	"psml"    Packet Summary Markup Language, an XML-based format for the
	          summary information of a decoded packet. This information is
	          equivalent to the information shown in the one-line summary
	          printed by default.
	"json"    Packet Summary, an JSON-based format for the details
	          summary information of a decoded packet. This information is 
	          equivalent to the packet details printed with the -V flag.
	"jsonraw" Packet Details, a JSON-based format for machine parsing
	          including only raw hex decoded fields (same as -T json -x but
	          without text decoding, only raw fields included). 
	"ek"      Packet Details, an EK JSON-based format for the bulk insert 
	          into elastic search cluster. This information is 
	          equivalent to the packet details printed with the -V flag.
	"text"    Text of a human-readable one-line summary of each of the
	          packets, or a multi-line view of the details of each of the
	          packets, depending on whether the -V flag was specified.
	          This is the default.
	"tabs"    Similar to the text report except that each column of the
	          human-readable one-line summary is delimited with an ASCII
	          horizontal tab character.
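
Because the new build lives under /opt/wireshark/3.4.0, a plain tshark on PATH can still be the 1.10.14 binary. The following is an added example, not part of the original post: it parses the "Invalid -T parameter" message in both layouts shown on this page and reports which output formats a given binary offers. The function names are hypothetical, and the two sample messages are taken (abridged) from the output above.

```shell
# tshark_formats: read tshark's "Invalid -T parameter" message on stdin and
# print the output formats it lists, one per line, sorted.
tshark_formats() {
    awk '
        # Old layout (1.10.14): It must be "ps", "text", ... or "fields".
        /^It must be / {
            while (match($0, /"[a-z]+"/)) {
                print substr($0, RSTART + 1, RLENGTH - 2)
                $0 = substr($0, RSTART + RLENGTH)
            }
            next
        }
        # New layout (3.4.0): indented "name" then a description;
        # continuation lines do not start with a quote and are skipped.
        /^[ \t]+"[a-z]+"/ {
            match($0, /"[a-z]+"/)
            print substr($0, RSTART + 1, RLENGTH - 2)
        }
    ' | sort -u
}

# tshark_has_format NAME: exit 0 if the message on stdin lists NAME.
tshark_has_format() {
    tshark_formats | grep -qx -- "$1"
}

sample_old() {  # message from TShark 1.10.14, as shown on this page
    printf '%s\n' 'tshark: Invalid -T parameter.' \
        'It must be "ps", "text", "pdml", "psml" or "fields".'
}

sample_new() {  # first lines of the 3.4.0 message on this page, abridged
    printf '%s\n' 'tshark: Invalid -T parameter "ABC"; it must be one of:'
    printf '\t%s\n' \
        '"fields"  The values of fields specified with the -e option, in a form' \
        '          specified by the -E option.' \
        '"json"    Packet Summary, an JSON-based format for the details' \
        '"ek"      Packet Details, an EK JSON-based format for the bulk insert'
}

# Against a real binary, reuse the invocation from this page:
#   /opt/wireshark/3.4.0/bin/tshark -r testcap_2020-12-14_05-34-54.pcap -T ABC 2>&1 \
#       | tshark_has_format json && echo "json supported"
```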
