Wireshark mailing list archives
Re: Wireshark-users Digest, Vol 61, Issue 8
From: Barry Constantine <Barry.Constantine () jdsu com>
Date: Fri, 10 Jun 2011 13:22:49 -0700
Hi Stephen,

Thanks for your quick reply on the Wireshark 1.6 and Field occurrence feature.

I kind of follow it, but not all the way. I used your example and added "ip.addr" as a column.

I am not sure what you mean by "move the mouse over the field and you it will display the number of occurrences".

Can you provide a little more detail?

Thanks,
Barry

-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of wireshark-users-request () wireshark org
Sent: Friday, June 10, 2011 3:00 PM
To: wireshark-users () wireshark org
Subject: Wireshark-users Digest, Vol 61, Issue 8

Today's Topics:

1. Help SMB Video DVCPRO Reading Troubleshooting ? (Tal Bar-Or)
2. EtherCAT can't be captured though Ethernet works (N Nguyen)
3. Time Display issues opening traces (Chris Alton)
4. Re: Time Display issues opening traces (Tim.Poth () bentley com)
5. Re: Time Display issues opening traces (Jeff Morriss)
6. Wireshark 1.6 and Fields (Barry Constantine)
7. Re: EtherCAT can't be captured though Ethernet works (Guy Harris)
8. Re: Wireshark 1.6 and Fields (Stephen Fisher)

----------------------------------------------------------------------

Message: 1
Date: Fri, 10 Jun 2011 12:40:06 +0300
From: Tal Bar-Or <tbaror () gmail com>
To: wireshark-users () wireshark org
Subject: [Wireshark-users] Help SMB Video DVCPRO Reading Troubleshooting ?
Message-ID: <BANLkTi=95P7GAJU0ke1fViJjhFSRZfDQhw () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hello,

I have current situation a client (win2k3) 1 Gigabit net that using to edit video with following format HD 100mbit (dvcpro) + 4 wave channel audio, the media is located on storage nas (exanet, redhat based).

The issue is that while the client reading the video and when he needs to slide/scroll back the video the video is playing but the sound is getting behind the video lip-sync.

I did a trace of 60 sec in around 22 sec to 27 slide/scroll back occur few sec after it we saw the sound getting behind the video lip-sync, in our video definition usually after 40ms DELAY we start to see lost frame or lip-sync issues.

I did some analysis on the trace, I can see that the storage having some delay read request issues few seconds after scrolling back the video more than half a minute and even more further.

What bothers me in the trace is that when analyzing *tcp.analysis.ack_rtt* as well I can see that there is some periods of trace more than 50ms delays from both client and server, can I get into conclusion that the client suffer from some network congestion or also the storage?

Any idea and tips would be appreciated since it's one of my first *smb* analyzing.

Please advise
Thanks

--
Tal Bar-or

------------------------------

Message: 2
Date: Fri, 10 Jun 2011 06:27:32 -0700 (PDT)
From: N Nguyen <catsmemory2009 () yahoo com>
To: wireshark-users () wireshark org
Subject: [Wireshark-users] EtherCAT can't be captured though Ethernet works
Message-ID: <326155.27943.qm () web111918 mail gq1 yahoo com>
Content-Type: text/plain; charset="us-ascii"

Hello,

I am using EtherCAT, and I'd like to use wireshark to capture the frames.
If I stop the EtherCAT, the eth0 is listed in the capture list, and everything is OK. But if I start EtherCAT, the ifconfig tells that there's only local loopback lo 127.0.0.1. And apparently wireshark cannot capture the EtherCAT, although I am transferring frames via my NIC card (RTL 8139).

Does anyone have any comment?

Thank you very much in advance!!!

------------------------------

Message: 3
Date: Fri, 10 Jun 2011 11:10:36 -0400
From: Chris Alton <enfiniti27 () hotmail com>
To: <wireshark-users () wireshark org>
Subject: [Wireshark-users] Time Display issues opening traces
Message-ID: <BLU197-W3659BFB6638ABC2CBA91BD4640 () phx gbl>
Content-Type: text/plain; charset="iso-8859-1"

Hi All,

I wanted to know if there was any way to prevent Wireshark from displaying the trace time in local time but the actual time the trace was taken. This makes analyzing traces from different time zones a complete pain. If I have logs from somebody that are in their time zone but the trace is in mine it makes it a LOT harder to find things since I have to mentally compensate for this time zone change.

Any help / info would be appreciated.

Thanks,
Chris

------------------------------

Message: 4
Date: Fri, 10 Jun 2011 11:35:05 -0400
From: <Tim.Poth () bentley com>
To: <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] Time Display issues opening traces
Message-ID: <8E3496A7FE7C04479D0365EC4C59BAB46F6A62FB1A () extprdmbx01 bentley com>
Content-Type: text/plain; charset="us-ascii"

If you're on Windows you can set a timezone variable in a command prompt that will affect anything that uses the C runtime.
If you launch wireshark from that command prompt the times will show up as you want.

EG
set TZ=GMT10
set TZ=GMT-5

hope that helps

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Chris Alton
Sent: Friday, June 10, 2011 11:11 AM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] Time Display issues opening traces

Hi All,

I wanted to know if there was any way to prevent Wireshark from displaying the trace time in local time but the actual time the trace was taken. This makes analyzing traces from different time zones a complete pain. If I have logs from somebody that are in their time zone but the trace is in mine it makes it a LOT harder to find things since I have to mentally compensate for this time zone change.

Any help / info would be appreciated.

Thanks,
Chris

------------------------------

Message: 5
Date: Fri, 10 Jun 2011 11:37:46 -0400
From: Jeff Morriss <jeff.morriss.ws () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] Time Display issues opening traces
Message-ID: <4DF23A4A.1090305 () gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Chris Alton wrote:
> Hi All,
>
> I wanted to know if there was any way to prevent Wireshark from displaying the trace time in local time but the actual time the trace was taken. This makes analyzing traces from different time zones a complete pain. If I have logs from somebody that are in their time zone but the trace is in mine it makes it a LOT harder to find things since I have to mentally compensate for this time zone change.
If you're on a UNIX-like system, it's quite easy to change the timezone Wireshark uses. Just run Wireshark like, for example:

TZ=GMT wireshark

If you're on Windows then there is no solution currently. But there is an enhancement request for such functionality, see:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2629

------------------------------

Message: 6
Date: Fri, 10 Jun 2011 10:13:04 -0700
From: Barry Constantine <Barry.Constantine () jdsu com>
To: "wireshark-users () wireshark org" <wireshark-users () wireshark org>
Subject: [Wireshark-users] Wireshark 1.6 and Fields
Message-ID: <94DEE80C63F7D34F9DC9FE69E39436BE3A0C2EE53F () MILEXCH1 ds jdsu net>
Content-Type: text/plain; charset="us-ascii"

Hi Folks,

Hope this is not a dumb question, but I was wondering if anyone could provide more insight into these two (2) new features of 1.6:

* TShark can show a specific occurrence of a field when using '-T fields'.
* Custom columns can show a specific occurrence of a field.

Thanks,
Barry

------------------------------

Message: 7
Date: Fri, 10 Jun 2011 10:32:07 -0700
From: Guy Harris <guy () alum mit edu>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] EtherCAT can't be captured though Ethernet works
Message-ID: <E6D59BE9-EE4F-4662-B996-E6900DDE187E () alum mit edu>
Content-Type: text/plain; charset=us-ascii

On Jun 10, 2011, at 6:27 AM, N Nguyen wrote:
> I am using EtherCAT, and I'd like to use wireshark to capture the frames. If I stop the EtherCAT, the eth0 is listed in the capture list, and everything is OK. But if I start EtherCAT, the ifconfig tells that there's only local loopback lo 127.0.0.1. And apparently wireshark cannot capture the EtherCAT, although I am transferring frames via my NIC card (RTL 8139).
What do you mean by "stop the EtherCAT" and "start the EtherCAT"? Is this something you do on the machine running Wireshark, or just on the network?

If it's something you do on the machine running Wireshark, perhaps the EtherCAT implementation somehow turns the Ethernet adapter into something that the rest of the networking stack doesn't recognize as a network interface, so that the rest of the networking stack - including the packet capture mechanism - can't use it.

(I'm guessing, from "local loopback lo 127.0.0.1", that you're running on Linux, where the loopback interface is generally called just "lo", rather than "lo0". What does "ifconfig -a" report when EtherCAT has been started and when EtherCAT has been stopped?)

------------------------------

Message: 8
Date: Fri, 10 Jun 2011 12:02:01 -0600
From: Stephen Fisher <steve () stephen-fisher com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] Wireshark 1.6 and Fields
Message-ID: <20110610180201.GA75169 () shadow stephen-fisher com>
Content-Type: text/plain; charset=us-ascii

On Fri, Jun 10, 2011 at 10:13:04AM -0700, Barry Constantine wrote:
> Hope this is not a dumb question, but I was wondering if anyone could provide more insight into these two (2) new features of 1.6:
>
> * TShark can show a specific occurrence of a field when using '-T fields'.
> * Custom columns can show a specific occurrence of a field.
In Wireshark, you can add a new column of field type "custom" and then specify a filter name for the field name such as "ip.addr" and then the field occurrence field can take different values as shown by the text when you point the mouse cursor to the field: 0 = all (default), 1 = first, 2 = second ..., -1 = last.

So if in this example ip.addr shows up multiple times in the same packet, "1" will show only the value from the first time it shows up in the dissection tree (middle pane). Otherwise all of them will show up with (if I remember correctly) commas in between.

Tshark has something similar but I don't know the syntax off the top of my head (check "tshark -h" probably).