On Fri, Jan 10, 2014 at 02:07:37PM +0100, Michal Labedzki wrote:
> I have one more question: how does tfshark work?
> ./tshark -V -r file.elf # works ok
> ./tfshark -V -r file.elf # does not work
>
> How to display dissector fields with tfshark? (in case I do not know
> their names)

Similar behavior here:
jmayer@egg:~> tfshark -r ./info.gif
947 -> UNKNOWN FTAP_ENCAP = 1234
jmayer@egg:~> tfshark -V -r ./info.gif
TFShark 1.11.3 (SVN Rev 54677 from /trunk)
Dump and analyze network traffic.
See http://www.wireshark.org for more information.
Copyright 1998-2014 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Usage: tfshark [options] ...
Input file:
-r <infile> set the filename to read from (no pipes or stdin!)
Processing:
-2 perform a two-pass analysis
-R <read filter> packet Read filter in Wireshark display filter syntax
-Y <display filter> packet displaY filter in Wireshark display filter
syntax
-d <layer_type>==<selector>,<decode_as_protocol> ...
"Decode As", see the man page for details
Example: tcp.port==8888,http
[more help output deleted]
default report="fields"
use "-G ?" for more help
jmayer@egg:~> tfshark -2 -V -r ./info.gif
947 -> UNKNOWN FTAP_ENCAP = 1234
jmayer@egg:~>

Ciao
Jörg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.