Ethereal-users: Re: [Ethereal-users] Verbose Dumps of One Protocol with Tethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Carl Litt <carl@xxxxxxxxxxxxx>
Date: Thu, 23 Feb 2006 16:11:14 -0500

Guy Harris wrote:

> Carl Litt wrote:
>
>> Is there a way to have 'tethereal' verbosely dump the contents of a
>> particular protocol (e.g. SIP) without having the higher-level
>> protocol details?  Sort of like how '-V' dumps the contents of the
>> packet, but I only want to see the SIP details, and nothing from the
>> udp, ip, or eth levels.
>
> Tethereal doesn't currently have any such option.
>
> Something such as that might be useful, although one question is
> whether it should be something of the sort you showed (where only the
> "frame" and "sip" layers are shown at all - "only want to see the SIP
> details, and nothing from the udp, ip, or eth levels" doesn't say
> anything about the "frame" level, but in your example you show that as
> well), or something that still shows the top-level item for UDP, IP,
> and Ethernet but doesn't open them up.

I would say that a command-line parameter could be used to filter out a
list of protocols, and no information on that layer would be printed.
So for me to list just the Frame and SIP layers, I would specify to
filter out the Ethernet, IP, and UDP layers.  That way it's up to the
user to decide what they see.  Perhaps this could be an alternate syntax
in the -R "display filter" parameter?  e.g. "!ip and !udp"

For what I was doing at the time, I didn't care about the source or
destination addresses; I just wanted to monitor the SIP dumps.

Carl Litt
Network Administrator
Execulink Telecom
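An added example, not part of the original thread and not Ethereal code: a post-processor for saved '-V' text that implements both behaviours discussed above, hiding the listed layers completely or keeping only their one-line summary. The function name `filter_layers`, the prefix-matching approach and the sample text are assumptions made for illustration; the sample is constructed and assumes each layer starts with an unindented summary line, with indented fields below it and a blank line between packets.

```python
# Constructed sample in the layout this sketch assumes: an unindented summary
# line per protocol layer, indented fields below it, a blank line between
# packets. It is not captured output.
SAMPLE = """\
Frame 1 (437 bytes on wire, 437 bytes captured)
    Frame Number: 1
Ethernet II, Src: 00:00:5e:00:53:01, Dst: 00:00:5e:00:53:02
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.0.2.10, Dst Addr: 192.0.2.20
    Protocol: UDP (0x11)
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060 (5060)
    Length: 403
Session Initiation Protocol
    Request-Line: INVITE sip:bob@example.com SIP/2.0
        Method: INVITE

Frame 2 (310 bytes on wire, 310 bytes captured)
Ethernet II, Src: 00:00:5e:00:53:02, Dst: 00:00:5e:00:53:01
Internet Protocol, Src Addr: 192.0.2.20, Dst Addr: 192.0.2.10
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060 (5060)
Session Initiation Protocol
    Status-Line: SIP/2.0 100 Trying
"""

# Summary-line prefixes of the layers to hide (hypothetical choice of syntax).
HIDDEN = ("Ethernet", "Internet Protocol", "User Datagram Protocol")


def filter_layers(text, hidden, collapse=False):
    """Hide layers whose summary line starts with a prefix in `hidden`.
    collapse=False drops the layer entirely; collapse=True keeps its summary
    line and drops only the indented fields under it."""
    hidden = tuple(hidden)
    out, skipping = [], False
    for line in text.splitlines():
        if not line.strip():            # blank line: packet boundary
            skipping = False
            out.append(line)
        elif not line[0].isspace():     # unindented: start of a layer
            skipping = line.startswith(hidden)
            if not skipping or collapse:
                out.append(line)
        elif not skipping:              # field of a visible layer
            out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    print(filter_layers(SAMPLE, HIDDEN))
```

Matching is by summary-line prefix, not by display-filter field names such as "ip" or "udp".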