Wireshark mailing list archives
Re: Wireshark-users Digest, Vol 117, Issue 4
From: Barry Constantine <barryconstant () yahoo com>
Date: Sun, 21 Feb 2016 15:34:30 +0000 (UTC)
Thanks Chris! I'll stick with the -T fields -e option and then decode the numerical value into the named interval, etc per the PTP specification and dissector. I am writing in a script anyway, so this will be easy to map. Thanks again, Barry -------------------------------------------- On Sun, 2/21/16, wireshark-users-request () wireshark org <wireshark-users-request () wireshark org> wrote: Subject: Wireshark-users Digest, Vol 117, Issue 4 To: wireshark-users () wireshark org Date: Sunday, February 21, 2016, 7:00 AM Send Wireshark-users mailing list submissions to wireshark-users () wireshark org To subscribe or unsubscribe via the World Wide Web, visit https://wireshark.org/mailman/listinfo/wireshark-users or, via email, send a message with subject or body 'help' to wireshark-users-request () wireshark org You can reach the person managing the list at wireshark-users-owner () wireshark org When replying, please edit your Subject line so it is more specific than "Re: Contents of Wireshark-users digest..." Today's Topics: 1. PTP Protocol Fields (Barry Constantine) 2. Re: PTP Protocol Fields (Christopher Maynard) ---------------------------------------------------------------------- Message: 1 Date: Sat, 20 Feb 2016 16:04:01 +0000 (UTC) From: Barry Constantine <barryconstant () yahoo com> To: <wireshark-users () wireshark org> Subject: [Wireshark-users] PTP Protocol Fields Message-ID: <848612689.234812.1455984241569.JavaMail.yahoo () mail yahoo com> Content-Type: text/plain; charset=UTF-8 Hello, I am trying to use tshark to export fields to a text file for the PTP protocol. I usually determine the correct field name by right clicking in the UI and then determining the field name, in this example, one would be: ptp.v2.sig.tlv.logInterMessagePeriod.period If I copy the value as a test it always shows "0", but copying the Description, I get the readable value "period: every 1 seconds" Is there a way to get tshark to export the description versus the value with the -e option? Also, curious why the value differs from the description field presented in the UI (value is always "0"). Thanks, Barry ------------------------------ Message: 2 Date: Sat, 20 Feb 2016 17:01:51 +0000 (UTC) From: Christopher Maynard <Christopher.Maynard () igt com> To: wireshark-users () wireshark org Subject: Re: [Wireshark-users] PTP Protocol Fields Message-ID: <loom.20160220T173537-48 () post gmane org> Content-Type: text/plain; charset=us-ascii Barry Constantine <barryconstant@...> writes:
Is there a way to get tshark to export the description
versus the value with the -e option? Not with the -e option, at least not that I'm aware of. You might be able to script something though? For example, if you *only* wanted to see the text for the ptp.v2.sig.tlv.logInterMessagePeriod.period field, you should be able to achieve this like so: tshark -r ptp_file.pcap -Y "ptp.v2.sig.tlv.logInterMessagePeriod.period" -O ptp | grep "period:" (Substitute "findstr" for "grep" if you're on Windows.)
Also, curious why the value differs from the
description field presented in the UI (value is always "0"). This is because the value gives you the raw data, which is 0, whereas Wireshark is showing you the calculated/interpreted value, which is 2^value, or in this case, 2^0=1. (See: https://goo.gl/hMd3lC) - Chris ------------------------------ _______________________________________________ Wireshark-users mailing list Wireshark-users () wireshark org https://wireshark.org/mailman/listinfo/wireshark-users End of Wireshark-users Digest, Vol 117, Issue 4 *********************************************** ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Wireshark-users Digest, Vol 117, Issue 4 Barry Constantine (Feb 21)