Wireshark mailing list archives
tshark, wlan.flags consistency & format
From: Anthony Murabito <anthony () iol unh edu>
Date: Thu, 25 Mar 2010 13:31:41 -0400
Hi All,I am currently making some changes to some automation software that uses tshark's output. My development has been primarily in a linux environment and is tied to wireless lans. I have noticed that tsharks default output is different between a windows & linux machine, and essentially I am hoping to get the nice "Flags" bitmap that appears in linux, to appear in windows.
For example, currently I am usingtshark -r (filename) -z proto,colinfo,frame.len,frame.len -z proto,colinfo,wlan.bssid,wlan.bssid
here is the corresponding tshark output: *(linux)*34659 372.477882 OUI_05:02:a9 -> OUI_34:cb:0e IEEE 802.11 Data, SN=285, FN=0, *Flags=.p.....TC* wlan.bssid == 00:00:00:79:37:70 frame.len == 408
*(windows)*34659 372.477882 OUI_05:02:a9 -> OUI_34:cb:0e IEEE 802.11 Data,SN=285,FN=0 wlan.bssid == 00:15:70:79:37:70 frame.len == 408
I have emboldened the flags section I am referring to, which is present under linux's tshark output, but not under window's tshark output.
I've been using the -z options to extract and append various other values (such as bssid, and frame length) to tshark's default output, however doing this to wlan.flags yields a hex value. This is not the end of the world, as I can bitmask the values out that I want, however tshark also includes a C flag (this is not part of wlan.flags) to tell you if the frame has a valid CRC.
If anyone knows how to get the windows version of tshark to display the flags in the format the linux does (that nice bitmap + CRC bit) please let me know. The man page doesn't seem to go into the level of detail I want here, but I'll keep reading and researching in the meantime to attempt to figure this out.
Thanks! -- *Anthony*
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- tshark, wlan.flags consistency & format Anthony Murabito (Mar 25)
- Re: tshark, wlan.flags consistency & format Gerald Combs (Mar 25)
- Re: tshark, wlan.flags consistency & format Anthony Murabito (Mar 25)
- Re: tshark, wlan.flags consistency & format Bill Meier (Mar 25)
- Re: tshark, wlan.flags consistency & format Gerald Combs (Mar 25)