Re: RTCP: Filtering SDES items in 'tshark'

[Martin Thorpe <martinjasonthorpe () googlemail com>]

Hi all

I've upgraded wireshark from 1.2 (CentOS 6 x64) to version 1.7.1 in order
to use the command extension that Jaap kindly highlighted below; and now
when I run the following trace I get the "Mysql protocol dissector: all
fields should be little endian" bug:

Command:

./tshark -i eth2 -o "rtp.heuristic_rtp: TRUE" -R 'rtcp.ssrc.cum_nr >= 50'
-V -d udp.port==5005,rtcp -e rtcp.ssrc.identifier -e rtcp.ssrc.fraction -e
rtcp.ssrc.cum_nr -e rtcp.ssrc.jitter -e ip.src_host -e rtcp.sdes.text -T
fields -E separator=, -E quote=n

Errors:

** (process:31148): WARNING **: Dissector bug, protocol MySQL, in packet
377: proto.c:2508: failed assertion "hfinfo->type == FT_STRING ||
hfinfo->type == FT_STRINGZ"

This scrolls up the screen, there were no errors during the build
compilation process?

Any help would be appreciated

Thanks


On 12 November 2011 18:00, Martin Thorpe
<martinjasonthorpe () googlemail com>wrote:

> Thanks Jaap that was exactly what I was looking for!
>
>
>
> Sent from my iPhone
>
> On 9 Nov 2011, at 10:26, Jaap Keuter <jaap.keuter () xs4all nl> wrote:
>
> Hi,
>
> That should happen (given an up-to-date tshark version) by using *-E
> occurrence=a*
>
> Thanks,
> Jaap
>
> On Mon, 7 Nov 2011 17:09:45 +0000, Martin Thorpe wrote:
>
> Hi all
>
> Hope everyone is well :-)
>
> Quick question, I am receiving RTCP packets to a Linux host where I am
> writing away to MySQL based on several thresholds being reached, I would
> like to write ALL the SDES 'Text' field information but I can only seem to
> grab part of it, here is an example of the data that is coming in:
>
>
>     Real-time Transport Control Protocol (Source description)
>         10.. .... = Version: RFC 1889 Version (2)
>         ..0. .... = Padding: False
>         ...0 0001 = Source count: 1
>         Packet type: Source description (202)
>         Length: 23 (96 bytes)
>         Chunk 1, SSRC/CSRC 0x2CE7939A
>             Identifier: 0x2ce7939a (753374106)
>             SDES items
>                 Type: CNAME (user and domain) (1)
>                 Length: 26
>                 Text: ext123456@10.10.10.10:1234
>                 Type: PHONE (phone number) (4)
>                 Length: 5
>                 Text: 50035
>                 Type: TOOL (name/version of source app) (6)
>                 Length: 50
>                 Text: IP Telephone (IP Telephone Firmware Version)
>                 Type: END (0)
>
> Now using my capture running as follows I only am able to display (using
> fields) the final piece of text from the SDES items:
>
> tshark -i eth0 -o "rtp.heuristic_rtp: TRUE" -R 'rtcp.ssrc.cum_nr >= 50' -V
> -d udp.port==5005,rtcp -e rtcp.ssrc.fraction -e rtcp.ssrc.jitter -e
> rtcp.ssrc.cum_nr -e rtcp.sdes.text -e ip.src_host -e rtp.ext -S -T fields
> -E separator=, -E quote=d
>
> Is there anyway to also include the telephone extension number as seen in
> the 'Text' field above the final 'Text' field??
>
> Thanks for your help
>
>
>
> *occurrence=f|l|a*
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> mailto:wireshark-users-request () wireshark org?subject=unsubscribe<wireshark-users-request () wireshark 
> org?subject=unsubscribe>
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe