Wireshark mailing list archives

Re: [Wireshark-users] Tshark - displaying all sdp.media_attr on win2k system


From: Christopher Maynard <Chris.Maynard () gtech com>
Date: Tue, 9 Nov 2010 18:28:51 +0000 (UTC)

Christopher Maynard <Chris.Maynard@...> writes:

Any thoughts? Or am I out of luck?

You might be able to use something like: tshark -R "frame contains FOO"
or even: tshark -R "sdp.media_attr && frame contains FOO"

Of course that will only help you find the packets that contain what you're
looking for, but it won't print the fields, so you could also try using "-V" to
print out all the packet details, redirect the output to a file, then grep for
your matching "Media Attribute" lines that way?

Another possible alternative - use the latest tshark that supports "-E
occurrence=a", but run it on another host doing remote packet capture?

http://www.winpcap.org/docs/docs_412/html/group__remote.html
http://wiki.wireshark.org/CaptureSetup#Step_5:_Capture_traffic_using_a_remote_machine
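
The "-V" plus grep approach suggested in the message above, as an added example that is not part of the original post: an awk filter that keeps every "Media Attribute (a)" line from `tshark -V` text output and tags it with its frame number, optionally keeping only attributes that contain a given substring. The function names, the file name `capture.pcap` and the sample output are constructed for illustration, and the filter assumes each packet starts with an unindented `Frame N` line.

```shell
#!/bin/sh
# Added example (not from the original message).
# Typical use, with a placeholder capture file name:
#   tshark -r capture.pcap -R "sdp.media_attr" -V | media_attrs FOO

# media_attrs [SUBSTRING]: read `tshark -V` text on stdin and write one
# "<frame number><TAB><attribute>" line per SDP media attribute.
media_attrs() {
    awk -v want="${1:-}" '
        # An unindented "Frame N" line starts a new packet (assumed layout).
        /^Frame [0-9]+/ { frame = $2; sub(/[^0-9].*$/, "", frame); next }
        # Match the attribute line itself, not its Fieldname/Value sub-items.
        /^[ \t]+Media Attribute \(a\): / {
            line = $0
            sub(/^[ \t]+Media Attribute \(a\): /, "", line)
            sub(/\r$/, "", line)              # tolerate CRLF output files
            if (want == "" || index(line, want))
                printf "%s\t%s\n", frame, line
        }
    '
}

# Constructed sample of `tshark -V` output, trimmed to the relevant lines.
sample_tshark_v() {
    cat <<'EOF'
Frame 1: 520 bytes on wire (4160 bits), 520 bytes captured (4160 bits)
Session Initiation Protocol
    Message Body
        Session Description Protocol
            Media Description, name and address (m): audio 49170 RTP/AVP 0 8
            Media Attribute (a): rtpmap:0 PCMU/8000
                Media Attribute Fieldname: rtpmap
                Media Attribute Value: 0 PCMU/8000
            Media Attribute (a): rtpmap:8 PCMA/8000
            Media Attribute (a): sendrecv
Frame 2: 410 bytes on wire (3280 bits), 410 bytes captured (3280 bits)
Session Initiation Protocol
    Message Body
        Session Description Protocol
            Media Attribute (a): rtpmap:0 PCMU/8000
            Media Attribute (a): recvonly
EOF
}

# Stand-alone run: list every attribute in the constructed sample.
sample_tshark_v | media_attrs
```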

