Wireshark mailing list archives

Re: Wireshark-users Digest, Vol 61, Issue 8


From: Barry Constantine <Barry.Constantine () jdsu com>
Date: Fri, 10 Jun 2011 13:22:49 -0700

Hi Stephen,

Thanks for your quick reply on the Wireshark 1.6 and Field occurrence feature.

I kind of follow it, but not all the way.  I used your example and added "ip.addr" as a column.  I am not sure what you 
mean by "move the mouse over the field and it will display the number of occurrences".

Can you provide a little more detail?

Thanks,
Barry

-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of 
wireshark-users-request () wireshark org
Sent: Friday, June 10, 2011 3:00 PM
To: wireshark-users () wireshark org
Subject: Wireshark-users Digest, Vol 61, Issue 8

Today's Topics:

   1. Help SMB Video DVCPRO Reading Troubleshooting ? (Tal Bar-Or)
   2. EtherCAT can't be captured though Ethernet works (N Nguyen)
   3. Time Display issues opening traces (Chris Alton)
   4. Re: Time Display issues opening traces (Tim.Poth () bentley com)
   5. Re: Time Display issues opening traces (Jeff Morriss)
   6. Wireshark 1.6 and Fields (Barry Constantine)
   7. Re: EtherCAT can't be captured though Ethernet works (Guy Harris)
   8. Re: Wireshark 1.6 and Fields (Stephen Fisher)


----------------------------------------------------------------------

Message: 1
Date: Fri, 10 Jun 2011 12:40:06 +0300
From: Tal Bar-Or <tbaror () gmail com>
To: wireshark-users () wireshark org
Subject: [Wireshark-users] Help SMB Video DVCPRO Reading
        Troubleshooting ?
Message-ID: <BANLkTi=95P7GAJU0ke1fViJjhFSRZfDQhw () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hello,

I have a current situation: a client (win2k3) on a 1 Gigabit network that is used to edit
video in the following format: HD 100mbit (dvcpro) + 4 wave channel audio. The
media is located on a storage NAS (exanet, redhat based). The issue is that
while the client is reading the video, and when he needs to slide/scroll back
the video, the video is playing but the sound is getting behind the video
lip-sync. I did a trace of 60 sec; at around 22 sec to 27 a slide/scroll back
occurs, and a few sec after it we saw the sound getting behind the video lip-sync.
In our video definition, usually after a 40ms DELAY we start to see lost frames
or lip-sync issues. I did some analysis on the trace and I can see that the
storage is having some delayed read request issues a few seconds after scrolling
back the video more than half a minute and even further. What bothers
me in the trace is that when analyzing *tcp.analysis.ack_rtt* as well I can see
that there are some periods of the trace with more than 50ms delays from both client
and server. Can I come to the conclusion that the client suffers from some
network congestion, or also the storage? Any ideas and tips would be
appreciated since it's one of my first *smb* analyses. Please advise. Thanks
--
Tal Bar-or

------------------------------

Message: 2
Date: Fri, 10 Jun 2011 06:27:32 -0700 (PDT)
From: N Nguyen <catsmemory2009 () yahoo com>
To: wireshark-users () wireshark org
Subject: [Wireshark-users] EtherCAT can't be captured though Ethernet
        works
Message-ID: <326155.27943.qm () web111918 mail gq1 yahoo com>
Content-Type: text/plain; charset="us-ascii"

Hello,

I am using EtherCAT, and I'd like to use wireshark to capture the frames.
If I stop the EtherCAT, the eth0 is listed in the capture list, and everything is OK.
But if I start EtherCAT, the ifconfig tells that there's only local loopback lo 127.0.0.1. And apparently wireshark 
cannot capture the EtherCAT, although I am transferring frames via my NIC card (RTL 8139).

Does anyone have any comment?

Thank you very much in advance!!!

------------------------------

Message: 3
Date: Fri, 10 Jun 2011 11:10:36 -0400
From: Chris Alton <enfiniti27 () hotmail com>
To: <wireshark-users () wireshark org>
Subject: [Wireshark-users] Time Display issues opening traces
Message-ID: <BLU197-W3659BFB6638ABC2CBA91BD4640 () phx gbl>
Content-Type: text/plain; charset="iso-8859-1"


Hi All,

I wanted to know if there was any way to prevent Wireshark from displaying the trace time in local time but the actual 
time the trace was taken. This makes analyzing traces from different time zones a complete pain. If I have logs from 
somebody that are in their time zone but the trace is in mine it makes it a LOT harder to find things since I have to 
mentally compensate for this time zone change.

Any help / info would be appreciated.

Thanks,

Chris
                                          

------------------------------

Message: 4
Date: Fri, 10 Jun 2011 11:35:05 -0400
From: <Tim.Poth () bentley com>
To: <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] Time Display issues opening traces
Message-ID:
        <8E3496A7FE7C04479D0365EC4C59BAB46F6A62FB1A () extprdmbx01 bentley com>
Content-Type: text/plain; charset="us-ascii"

If you're on Windows you can set a timezone variable in a command prompt that will affect anything that uses the C 
runtime.
If you launch Wireshark from that command prompt the times will show up as you want.

EG
set TZ=GMT10
set TZ=GMT-5

hope that helps

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Chris 
Alton
Sent: Friday, June 10, 2011 11:11 AM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] Time Display issues opening traces

Hi All,

I wanted to know if there was any way to prevent Wireshark from displaying the trace time in local time but the actual 
time the trace was taken. This makes analyzing traces from different time zones a complete pain. If I have logs from 
somebody that are in their time zone but the trace is in mine it makes it a LOT harder to find things since I have to 
mentally compensate for this time zone change.

Any help / info would be appreciated.

Thanks,

Chris

------------------------------

Message: 5
Date: Fri, 10 Jun 2011 11:37:46 -0400
From: Jeff Morriss <jeff.morriss.ws () gmail com>
To: Community support list for Wireshark
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] Time Display issues opening traces
Message-ID: <4DF23A4A.1090305 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Chris Alton wrote:
> Hi All,
>
> I wanted to know if there was any way to prevent Wireshark from 
> displaying the trace time in local time but the actual time the trace 
> was taken. This makes analyzing traces from different time zones a 
> complete pain. If I have logs from somebody that are in their time zone 
> but the trace is in mine it makes it a LOT harder to find things since I 
> have to mentally compensate for this time zone change.

If you're on a UNIX-like system, it's quite easy to change the timezone 
Wireshark uses.  Just run Wireshark like, for example:

TZ=GMT wireshark

If you're on Windows then there is no solution currently.  But there is 
an enhancement request for such functionality, see:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2629


------------------------------
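
The point behind the replies above, as an added example that is not part of the thread: a classic pcap record stores its timestamp as seconds and microseconds since the Unix epoch in UTC, so the `TZ` setting only changes how that instant is rendered, and a capture lines up with a remote log once both are compared as UTC instants. The helper names, the sample capture time and the log line are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

def build_pcap(when_utc, frame=b"\x00" * 14):
    """Constructed sample: classic little-endian pcap holding one Ethernet record."""
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec_hdr = struct.pack("<IIII", int(when_utc.timestamp()), when_utc.microsecond,
                          len(frame), len(frame))
    return file_hdr + rec_hdr + frame

def first_record_time(pcap_bytes):
    """Read the first record's timestamp as a timezone-aware UTC datetime."""
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"            # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"            # byte-swapped: written on a big-endian host
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    # The first record header follows the 24-byte file header.
    ts_sec, ts_usec = struct.unpack_from(endian + "II", pcap_bytes, 24)
    return datetime.fromtimestamp(ts_sec, timezone.utc) + timedelta(microseconds=ts_usec)

def shown_as(moment, utc_offset_hours):
    """Wall-clock text a viewer at a fixed UTC offset would see (no DST rules)."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    return moment.astimezone(zone).strftime("%Y-%m-%d %H:%M:%S")

def seconds_after_packet(pcap_time, log_line):
    """Parse a log line starting 'YYYY-MM-DD HH:MM:SS +hhmm'; return log minus packet."""
    stamp = " ".join(log_line.split()[:3])
    logged = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S %z")
    return (logged - pcap_time).total_seconds()

CAPTURED = datetime(2011, 6, 10, 15, 10, 36, tzinfo=timezone.utc)    # constructed
LOG_LINE = "2011-06-10 17:10:38 +0200 smbd: read request timed out"  # constructed

if __name__ == "__main__":
    t = first_record_time(build_pcap(CAPTURED))
    print("analyst at UTC-4 sees:", shown_as(t, -4))
    print("sender at UTC+2 sees: ", shown_as(t, 2))
    print("log entry is", seconds_after_packet(t, LOG_LINE), "s after the packet")
```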

Message: 6
Date: Fri, 10 Jun 2011 10:13:04 -0700
From: Barry Constantine <Barry.Constantine () jdsu com>
To: "wireshark-users () wireshark org" <wireshark-users () wireshark org>
Subject: [Wireshark-users] Wireshark 1.6 and Fields
Message-ID:
        <94DEE80C63F7D34F9DC9FE69E39436BE3A0C2EE53F () MILEXCH1 ds jdsu net>
Content-Type: text/plain; charset="us-ascii"

Hi Folks,

Hope this is not a dumb question, but I was wondering if anyone could provide more insight into these two (2) new 
features of 1.6:


*  TShark can show a specific occurrence of a field when using '-T fields'.

*  Custom columns can show a specific occurrence of a field.

Thanks,
Barry

------------------------------

Message: 7
Date: Fri, 10 Jun 2011 10:32:07 -0700
From: Guy Harris <guy () alum mit edu>
To: Community support list for Wireshark
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] EtherCAT can't be captured though
        Ethernet        works
Message-ID: <E6D59BE9-EE4F-4662-B996-E6900DDE187E () alum mit edu>
Content-Type: text/plain; charset=us-ascii


On Jun 10, 2011, at 6:27 AM, N Nguyen wrote:

> I am using EtherCAT, and I'd like to use wireshark to capture the frames.
> If I stop the EtherCAT, the eth0 is listed in the capture list, and everything is OK.
> But if I start EtherCAT, the ifconfig tells that there's only local loopback lo 127.0.0.1. And apparently wireshark 
> cannot capture the EtherCAT, although I am transferring frames via my NIC card (RTL 8139).

What do you mean by "stop the EtherCAT" and "start the EtherCAT"?  Is this something you do on the machine running 
Wireshark, or just on the network?  If it's something you do on the machine running Wireshark, perhaps the EtherCAT 
implementation somehow turns the Ethernet adapter into something that the rest of the networking stack doesn't 
recognize as a network interface, so that the rest of the networking stack - including the packet capture mechanism - 
can't use it.

(I'm guessing, from "local loopback lo 127.0.0.1", that you're running on Linux, where the loopback interface is 
generally called just "lo", rather than "lo0".  What does "ifconfig -a" report when EtherCAT has been started and when 
EtherCAT has been stopped?)


------------------------------

Message: 8
Date: Fri, 10 Jun 2011 12:02:01 -0600
From: Stephen Fisher <steve () stephen-fisher com>
To: Community support list for Wireshark
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] Wireshark 1.6 and Fields
Message-ID: <20110610180201.GA75169 () shadow stephen-fisher com>
Content-Type: text/plain; charset=us-ascii

On Fri, Jun 10, 2011 at 10:13:04AM -0700, Barry Constantine wrote:

> Hope this is not a dumb question, but I was wondering if anyone could 
> provide more insight into these two (2) new features of 1.6:
>
> * TShark can show a specific occurrence of a field when using '-T 
> fields'.
>
> * Custom columns can show a specific occurrence of a field.

In Wireshark, you can add a new column of field type "custom" and then 
specify a filter name for the field name such as "ip.addr" and then the 
field occurrence field can take different values as shown by the text 
when you point the mouse cursor to the field: 0 = all (default), 1 = 
first, 2 = second ..., -1 = last.  So if in this example ip.addr shows 
up multiple times in the same packet, "1" will show only the value 
from the first time it shows up in the dissection tree (middle pane).  
Otherwise all of them will show up with (if I remember correctly) commas 
in between.  Tshark has something similar but I don't know the syntax 
off the top of my head (check "tshark -h" probably).



------------------------------
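
The occurrence numbering described in the last message, as an added example that is not part of the thread: it walks a constructed ICMP error packet, where `ip.addr` matches four times (outer source and destination, then the quoted inner header's source and destination), and applies 0 = all, 1 = first, 2 = second, -1 = last. The function names and packet are constructed, the walk order models the dissection tree as an assumption, and treating other negative values as counting from the end goes beyond what the post states.

```python
import socket
import struct

ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}   # ICMP types that quote the offending IP header

def ipv4_header(src, dst, proto, payload_len):
    """Constructed 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ip_addr_occurrences(packet):
    """Every IPv4 address in the order met while walking the headers (src, then dst)."""
    found, offset = [], 0
    while offset + 20 <= len(packet):
        if packet[offset] >> 4 != 4:
            break                                  # not an IPv4 header
        ihl = (packet[offset] & 0x0F) * 4
        proto = packet[offset + 9]
        found.append(socket.inet_ntoa(packet[offset + 12:offset + 16]))
        found.append(socket.inet_ntoa(packet[offset + 16:offset + 20]))
        icmp = offset + ihl
        if proto != 1 or icmp + 8 > len(packet) or packet[icmp] not in ICMP_ERROR_TYPES:
            break                                  # no quoted header to descend into
        offset = icmp + 8                          # quoted header follows 8-byte ICMP header
    return found

def select_occurrence(values, occurrence, sep=","):
    """0 = all (joined with sep), N > 0 = Nth occurrence, -1 = last."""
    if occurrence == 0:
        return sep.join(values)
    index = occurrence - 1 if occurrence > 0 else len(values) + occurrence
    return values[index] if 0 <= index < len(values) else ""

# Constructed packet: router 192.0.2.1 reports "host unreachable" to 198.51.100.7,
# quoting that host's original UDP datagram to 203.0.113.9.
_inner = ipv4_header("198.51.100.7", "203.0.113.9", 17, 8) + b"\x00" * 8
_icmp = struct.pack("!BBHI", 3, 1, 0, 0)
SAMPLE = ipv4_header("192.0.2.1", "198.51.100.7", 1, len(_icmp) + len(_inner)) + _icmp + _inner

if __name__ == "__main__":
    addrs = ip_addr_occurrences(SAMPLE)
    for occ in (0, 1, 2, -1):
        print(f"occurrence {occ:>2}: {select_occurrence(addrs, occ)}")
```

With occurrence 1 the column shows the router that sent the error and with -1 the destination the original datagram was aimed at. For `-T fields`, TShark exposes the choice as `-E occurrence=f|l|a` (first, last, all).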


End of Wireshark-users Digest, Vol 61, Issue 8
**********************************************