Wireshark mailing list archives
Re: tshark -T fields
From: "Douglas Wood" <doug.wood () ieee org>
Date: Mon, 12 Jul 2010 08:42:22 -0400
I have created a modified version of Wireshark in which I produce tab delimited files that actually aggregates multiple instances of particular fields. In fact, the output can become way too voluminous, but, it is much faster to process these tab delimited files than the PDML output. Especially when there are 100,000's of packets. I will attest that the aggregation of multiple instances of a field is pretty tricky. I wouldn't mind working with somebody else to try to generalize what I have done. Doug Peter Gordon wrote:
tshark can be used to display fields using the -T option. If the same field occurs a number of times within a protocol, only one value ( the last ) gets displayed. As far as I can see the error looks like it comes from the routine proto_tree_write_fields. The -T pdml option gives the correct output, but is too voluminous. Can anyone help with a fix?
There's at least one bug for that: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3818 It was discussed quite a bit at Sharkfest this year too--there seemed to be quite a bit of interest in finding a way to fix it. (But: as evidenced by the fact that there is so much interest and it hasn't been done yet, it's non-trivial to implement.) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- tshark -T fields Peter Gordon (Jul 07)
- Re: tshark -T fields Jeff Morriss (Jul 07)
- Re: tshark -T fields Douglas Wood (Jul 12)
- Message not available
- Re: tshark -T fields Martin Visser (Jul 12)
- Re: tshark -T fields Jeff Morriss (Jul 07)