Wireshark mailing list archives
Re: tshark options
From: Christopher Maynard <Christopher.Maynard () gtech com>
Date: Tue, 23 Oct 2012 01:49:06 +0000 (UTC)
René Scheibe <rene.scheibe@...> writes:
I have 3 questions concerning tshark. 1) field aggregation With -E occurrence='a' field values can be aggregated when a field occurs multiple times. Can this aggregation be configured per field or is it only possible to do it globally for a fields?
Currently, this option applies uniformly to all fields.
2) dissector mapping With <layer type>==<selector>,<decode-as protocol> it can be specified which dissector to use. It's a bit unclear what is meant by "selector". I tried -d udp.port==100:200. tshark started fine but it looks like only 100 is used. Does it only support single values or can port ranges also be used?
When you asked the question, Wireshark did not yet support port ranges. As of r45734, it now does. If you don't want to wait for the next Wireshark development release or for 1.10, you can get this functionality by downloading any automated release version after r45734 from http://www.wireshark.org/download/automated/ or by downloading the Wireshark sources and compiling it yourself.
3) performance Generating a CSV file printing some fields from a PCAP file is quite slow. Are there options or ways to speed it up?
Maybe. There's the obvious like trying it on a faster machine, or trying to process fewer packets through various filtering techniques. You could also try profiling the code to attempt to identify code regions that consume the most time, then trying to optimize the slow code paths, possibly re-writing the code altogether to attempt to achieve better performance. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: tshark options Christopher Maynard (Oct 22)