Wireshark mailing list archives
tshark tzsp capture
From: Alexander Kosykh <avkosykh () gmail com>
Date: Wed, 25 Nov 2009 23:29:52 +0300
I can't understand why then i do this command tshark -i extif -f "udp port 7002" -n -d udp.port==7002,tzsp I see packets without tzsp encapsulation on my console Capturing on extif 0.000000 172.16.170.2 -> 213.248.49.44 TCP 51217 > 7503 [ACK] Seq=1 Ack=1 Win=63393 Len=0 0.031443 172.16.170.2 -> 88.212.223.2 TCP 49280 > 29000 [ACK] Seq=1 Ack=1 Win=64223 Len=0 0.051480 88.212.223.2 -> 172.16.170.2 TCP 29000 > 49280 [PSH, ACK] Seq=1 Ack=1 Win=15829 Len=15 0.209293 213.248.49.44 -> 172.16.170.2 TCP 7503 > 51217 [PSH, ACK] Seq=1 Ack=1 Win=65535 Len=197 0.249949 172.16.170.2 -> 88.212.223.2 TCP 49280 > 29000 [ACK] Seq=1 Ack=16 Win=64208 Len=0 0.410098 172.16.170.2 -> 213.248.49.44 TCP 51217 > 7503 [ACK] Seq=1 Ack=198 Win=64800 Len=0 0.427358 88.212.223.2 -> 172.16.170.2 TCP 29000 > 49280 [PSH, ACK] Seq=16 Ack=1 Win=15829 Len=22 but if I set -w outfile and then look the file with tshark -n -r outfile I see only tzsp encapsulated packets 3603 289.761278 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908 Destination port: 7002 3604 289.961221 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908 Destination port: 7002 3605 289.982428 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908 Destination port: 7002 3606 290.181036 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908 Destination port: 7002 3607 290.202244 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908 Destination port: 7002 3608 290.400268 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908 Destination port: 7002 3609 290.421330 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908 Destination port: 7002 how can i save traffic to file without tzsp encapsulation? Best regards, Alexander Kosykh.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- tshark tzsp capture Александр Косых (Nov 23)
- <Possible follow-ups>
- tshark tzsp capture Alexander Kosykh (Nov 25)