Wireshark mailing list archives
Re: tshark --export-objects : -2 assumed or required for two-pass ?
From: John Thacker <johnthacker () gmail com>
Date: Mon, 10 Aug 2020 21:00:13 -0400
On Mon, Aug 10, 2020 at 5:32 PM chuck c <bubbasnmp () gmail com> wrote:
tshark --export-objects dicom is behaving differently than exporting Dicom objects in Wireshark. Is the "-2" option assumed to be set, observed if set or not used at all for exporting objects with tshark?
Having implemented Export Objects on a different custom TFTP-like protocol, I experienced the same thing. With tshark, -2 is observed if set, and that can result in different behavior. Generally more accurate information is obtained with two passes, which is equivalent to Wireshark behavior. There are certain protocols where single pass analysis just isn't sufficient to determine all the data, and dissectors where some state object is set, like packet-dcm.c, are a common case. John Thacker
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- tshark --export-objects : -2 assumed or required for two-pass ? chuck c (Aug 10)
- Re: tshark --export-objects : -2 assumed or required for two-pass ? John Thacker (Aug 10)
- Re: tshark --export-objects : -2 assumed or required for two-pass ? chuck c (Aug 10)
- Re: tshark --export-objects : -2 assumed or required for two-pass ? Guy Harris (Aug 10)
- Re: tshark --export-objects : -2 assumed or required for two-pass ? chuck c (Aug 10)
- Re: tshark --export-objects : -2 assumed or required for two-pass ? chuck c (Aug 10)
- Re: tshark --export-objects : -2 assumed or required for two-pass ? Mikael Kanstrup (Aug 13)
- Re: tshark --export-objects : -2 assumed or required for two-pass ? John Thacker (Aug 10)