Wireshark mailing list archives

tshark tzsp capture


From: Alexander Kosykh <avkosykh () gmail com>
Date: Wed, 25 Nov 2009 23:29:52 +0300

I can't understand why, when I run this command
tshark -i extif -f "udp port 7002" -n -d udp.port==7002,tzsp
I see packets without tzsp encapsulation on my console:
Capturing on extif
0.000000 172.16.170.2 -> 213.248.49.44 TCP 51217 > 7503 [ACK] Seq=1 Ack=1
Win=63393 Len=0
0.031443 172.16.170.2 -> 88.212.223.2 TCP 49280 > 29000 [ACK] Seq=1 Ack=1
Win=64223 Len=0
0.051480 88.212.223.2 -> 172.16.170.2 TCP 29000 > 49280 [PSH, ACK] Seq=1
Ack=1 Win=15829 Len=15
0.209293 213.248.49.44 -> 172.16.170.2 TCP 7503 > 51217 [PSH, ACK] Seq=1
Ack=1 Win=65535 Len=197
0.249949 172.16.170.2 -> 88.212.223.2 TCP 49280 > 29000 [ACK] Seq=1 Ack=16
Win=64208 Len=0
0.410098 172.16.170.2 -> 213.248.49.44 TCP 51217 > 7503 [ACK] Seq=1 Ack=198
Win=64800 Len=0
0.427358 88.212.223.2 -> 172.16.170.2 TCP 29000 > 49280 [PSH, ACK] Seq=16
Ack=1 Win=15829 Len=22

But if I set -w outfile and then look at the file with tshark -n -r outfile, I
see only tzsp encapsulated packets:

3603 289.761278 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908
Destination port: 7002
3604 289.961221 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908
Destination port: 7002
3605 289.982428 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908
Destination port: 7002
3606 290.181036 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908
Destination port: 7002
3607 290.202244 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908
Destination port: 7002
3608 290.400268 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908
Destination port: 7002
3609 290.421330 10.100.15.19 -> 10.101.15.69 UDP Source port: 53908
Destination port: 7002

How can I save traffic to a file without tzsp encapsulation?

Best regards,
Alexander Kosykh.
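
An added example, not part of the original post and not Wireshark code: a file written with -w holds the packets as captured, so removing the TZSP layer is a post-processing step. The sketch below strips the TZSP header from UDP payloads that have already been extracted and writes the inner frames to a new pcap. It assumes the usual TZSP layout (4-byte header, then tagged fields ended by tag 1) and Ethernet as the inner protocol; the function names and the sample payload are constructed for illustration.

```python
import struct

TAG_PADDING, TAG_END = 0, 1   # the only two tags that carry no length byte
ENCAP_ETHERNET = 1            # TZSP encapsulated-protocol value for Ethernet


def strip_tzsp(payload):
    """Return (encapsulated protocol, inner frame) for one TZSP UDP payload."""
    if len(payload) < 4:
        raise ValueError("shorter than the 4-byte TZSP header")
    version, _ptype, proto = struct.unpack("!BBH", payload[:4])
    if version != 1:
        raise ValueError(f"unsupported TZSP version {version}")
    pos = 4
    while True:
        if pos >= len(payload):
            raise ValueError("tag list has no END tag")
        tag = payload[pos]
        pos += 1
        if tag == TAG_END:
            return proto, payload[pos:]   # everything after END is the frame
        if tag == TAG_PADDING:
            continue
        if pos >= len(payload):
            raise ValueError("truncated tag length")
        pos += 1 + payload[pos]           # skip the length byte and the value


def write_pcap(path, frames):
    """Write (ts_sec, ts_usec, frame) tuples as a classic pcap, linktype Ethernet."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for sec, usec, frame in frames:
            f.write(struct.pack("<IIII", sec, usec, len(frame), len(frame)))
            f.write(frame)


# Constructed sample: Ethernet header plus filler, wrapped in TZSP with one
# tagged field (tag 0x0a, length 1), one padding tag and the END tag.
INNER = bytes.fromhex("ffffffffffff0200000000010800") + b"constructed"
SAMPLE = bytes.fromhex("01000001" "0a01c8" "00" "01") + INNER

if __name__ == "__main__":
    proto, frame = strip_tzsp(SAMPLE)
    if proto == ENCAP_ETHERNET:
        write_pcap("decapsulated.pcap", [(0, 0, frame)])
```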