Re: Various problems with tshark

[Pascal Quantin <pascal.quantin () gmail com>]

2015-08-31 21:07 GMT+02:00 Joerg Mayer <jmayer () loplof de>:

> Hello Pascal,
>
> thanks for the quick response - solved my immediate problem ;-)
>
> On Mon, Aug 31, 2015 at 08:17:44AM +0200, Pascal Quantin wrote:
> > 2015-08-31 5:34 GMT+02:00 Joerg Mayer <jmayer () loplof de>:
> >
> > > When using tshark from head I have a bunch of problems right now:
> > >
> > > 1) stderr is getting spammed with
> > > (process:9870): Capture-WARNING **: Dissector stp incomplete in frame
> > > 41915: undecoded byte number 57 (0x0030+9)
> >
> > You seem to have activated the prefs.enable_incomplete_dissectors_check.
> > Simply go to Preferences -> Protocols and uncheck "Look for incomplete
> > dissectors".
>
> Yes, I do, but I really expected that to be (similar to) expert items, not
> some "spam" taht (optically) interfers with the normal output of tshark.

My understanding is that it is not intended to be activated by default, but
only in "development mode" (at least according to the comments in the
Gerrit patch if I remember correctly).


> > > 2) -T fields -e _ws.col.info isn't working (empty column), both with
> and
> > > without -V
>
> > The right field name is _ws.col.Info
>
> Sigh. Is _ws.* documented in one of the manpages? I couldn't find it. And
> the
> only mention I could find (the tshark manpage) used a small 'i'.

tshark.pod needs to be fixed, but tshark -h gives you _ws.col.Info.

Could we plese agree to either *always* use small letters or to make the
> filter names case insensitive? Also:
> =========
> $ tshark -T fields -e asdf
> ** (process:13516): WARNING **: 'asdf' isn't a valid field!
> tshark: Some fields aren't valid
> $ tshark -T fields -e _ws.col.info
> Capturing on 'Wi-Fi'
> ^C
> 21 packets captured
> jmayer@newegg:~/firmatmp/salalah/WIP/tests/radius$ tshark -T fields -e
> _ws.col.asdf
> Capturing on 'Wi-Fi'
> =========
> Should we try for a bit more consistency here?

Right now it's the column title as you configured it. Maybe it should be
made case insensitive, but there is a real logic (and not inconsistency). I
do not ceck this code part and whether _ws.col.XXX could (should?) trigger
an error if the syntax is wrong.



> Thanks again
>    Jörg
>
> --
> Joerg Mayer                                           <jmayer () loplof de>
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe