Wireshark mailing list archives

Re: PTP Protocol Fields

From: Christopher Maynard <Christopher.Maynard () igt com>
Date: Sat, 20 Feb 2016 17:01:51 +0000 (UTC)

Barry Constantine <barryconstant@...> writes:

Is there a way to get tshark to export the description versus the value

with the -e option?

Not with the -e option, at least not that I'm aware of.  You might be able
to script something though?  For example, if you *only* wanted to see the
text for the ptp.v2.sig.tlv.logInterMessagePeriod.period field, you should
be able to achieve this like so:

    tshark -r ptp_file.pcap -Y "ptp.v2.sig.tlv.logInterMessagePeriod.period"
-O ptp | grep "period:"

(Substitute "findstr" for "grep" if you're on Windows.)

Also, curious why the value differs from the description field presented

in the UI (value is always "0").

This is because the value gives you the raw data, which is 0, whereas
Wireshark is showing you the calculated/interpreted value, which is 2^value,
or in this case, 2^0=1.  (See: https://goo.gl/hMd3lC)

- Chris


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

PTP Protocol Fields Barry Constantine (Feb 20)
- Re: PTP Protocol Fields Christopher Maynard (Feb 20)