Wireshark mailing list archives

Re: tshark summary lines

From: Christopher Maynard <Christopher.Maynard () gtech com>
Date: Tue, 2 Oct 2012 17:57:43 +0000 (UTC)

 <mmann78@...> writes:

-----Original Message-----

From: Ed Beroset <beroset () mindspring com>

To: Developer support list for Wireshark

<wireshark-dev () wireshark org>


Sent: Tue, Oct 2, 2012 11:25 am

Subject: [Wireshark-dev] tshark summary lines

Someone has asked a question on the wiki

http://ask.wireshark.org/questions/14581/how-to-use-tshark-to-output-a-tcpdump-
into-text-formatted-file


Which asks if tshark can emit both the summary lines AND the details 
from -V.  There is currently no way to do that, but it seemed to me like 
a reasonable question.  Should it be added?

If so, I was thinking the combination of -V -P might be a reasonable way 
to do that.  What say you all?

Isn't this bug 2892?  (https://bugs.wireshark.org/bugzilla

/show_bug.cgi?id=2892)


Or 4314? (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4314)


They are all different:
For bug 2892, if you use -T fields, there's no way to have the info column
information also displayed.  Support would have to be added to be able to
specify something like e.g., "-e col.info"

For bug 4314, I interpreted this as the user performing the following steps in
Wireshark: File -> Print -> Output to file: wireshark.out, but then
wireshark.out cut off the long Info column unless a custom column was added. 
But now I just tried that and it seemed to work fine, but I don't know how long
the info line must be for this to occur.  So either this bug is already fixed
or more information is needed in order to be able to reproduce it.  (I thought
*maybe* this was the same as bug 7543, but adding a custom column matter for
bug 7543, so I don't think they're the same either.)

So this new one from ask that Ed mentioned here is about printing both the
entire summary line, which you get with -P, as well as the packet details,
which you get with -V.  Currently if you specify both -P and -V, you get the 
packets details only, but no summary line.  I'd say this is a reasonable 
request and that this should probably also work with -O <protocols> as well 
(any others?).  But best to file an enhancement bug report for it.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

tshark summary lines Ed Beroset (Oct 02)
- <Possible follow-ups>
- Re: tshark summary lines mmann78 (Oct 02)
  - Re: tshark summary lines Ed Beroset (Oct 02)
  - Re: tshark summary lines Christopher Maynard (Oct 02)
    - Re: tshark summary lines Ed Beroset (Oct 02)
    - Re: tshark summary lines Christopher Maynard (Oct 02)
    - Re: tshark summary lines Ed Beroset (Oct 02)
    - Re: tshark summary lines Guy Harris (Oct 02)