Wireshark mailing list archives

Re: How to display identical fields with tshark

From: Martin Visser <martinvisser99 () gmail com>
Date: Thu, 6 Jan 2011 10:11:47 +1100

Also as an interim measure, you may want to make use of the PDML
output instead (which will show all fields). This will require
separate parsing of course to be useful.

Regards, Martin

MartinVisser99 () gmail com



On 6 January 2011 10:05, Sake Blok <sake () euronet nl> wrote:


On 5 jan 2011, at 21:51, eymanm wrote:

I have a protocol that contains the same fields, let's name them A, in a
single frame. Let's also assume that there are three As in a single frame.
When using tshark with -V all the As are displayed properly. When using -e,
only the last A is displayed. Can somebody suggest how to display the first
and the second As with -e?

I implemented the ability to select the first, last or all occurrences of a
field with tshark a while ago. It's not yet in 1.4.x, so you will have to
use an automated build or wait for 1.5.0.
From 'tshark -h':
  -e <field>               field to print if -Tfields selected (e.g.
tcp.port);
                           this option can be repeated to print multiple
fields
  -E<fieldsoption>=<value> set options for output when -Tfields selected:
     header=y|n            switch headers on and off
     separator=/t|/s|<char> select tab, space, printable character as
separator
     occurrence=f|l|a      print first, last or all occurrences of each
field
     aggregator=,|/s|<char> select comma, space, printable character as
aggregator
     quote=d|s|n           select double, single, no quotes for values
Cheers,

Sake
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

How to display identical fields with tshark eymanm (Jan 05)
- Re: How to display identical fields with tshark Sake Blok (Jan 05)
  - Re: How to display identical fields with tshark Martin Visser (Jan 05)
    - Re: How to display identical fields with tshark eymanm (Jan 06)
    - Re: How to display identical fields with tshark Martin Visser (Jan 06)
  - Re: How to display identical fields with tshark eymanm (Jan 06)