On Jun 25, 2008, at 12:06 PM, Tennis Smith wrote:
> How can I figure out all the fields which can be displayed in a
> protocol?

Either

1) start up Wireshark, click the "Filter:" button, click the
"Expression" button in the dialog that pops up, scroll through the
"Field name" part of the dialog *that* pops up looking for your
protocol, and then click on the triangle to open up the list of named
fields for the protocol

or

2) run "tshark -G" and pipe its output to a program such as grep
(UN*X, Windows with Cygwin) or find (Windows) searching for a pattern
consisting of a tab, the abbreviated name of the protocol, and another
tab

or

3) search the rather-large "wireshark-filter(4)" man page for the
protocol in question.

(2 could be annoying, given that a lot of command interpreters appear
to treat tab as a name completion character or something else
special. The output format is also not exactly the most
user-friendly, as it's intended to be read by, for example, the script
that generates the wireshark-filter man page.)
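
Added example, not part of the original message: option 2 without typing a literal tab, by letting awk split the "tshark -G" output on tabs and compare the protocol column exactly. The function names and sample records are constructed here, and the column layout (record type F, then name, abbreviation, type, parent protocol abbreviation) is an assumption taken from the tshark documentation for the field report.

```shell
#!/bin/sh
# Assumed tab-separated record layout of the field report:
#   F <descriptive name> <field abbrev> <type> <parent protocol abbrev> ...
#   P <descriptive name> <protocol abbrev>

# Reads "tshark -G" style records on stdin and prints
# "abbrev<TAB>type<TAB>name" for each field whose parent protocol is $1.
# Returns 1 when no field matched, so a mistyped abbreviation is noticed.
fields_for_proto() {
    awk -F '\t' -v proto="$1" '
        # String equality on one column: no regex metacharacters to escape,
        # and "foo" does not also match "foobar" as an untabbed grep would.
        $1 == "F" && $5 == proto {
            printf "%s\t%s\t%s\n", $3, $4, $2
            found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample records (not real tshark output) for an offline run.
sample_records() {
    printf 'P\tFoo Protocol\tfoo\n'
    printf 'F\tSource Port\tfoo.srcport\tFT_UINT16\tfoo\tBASE_DEC\t0x0\t\n'
    printf 'F\tFlags\tfoo.flags\tFT_UINT8\tfoo\tBASE_HEX\t0x0\t\n'
    printf 'P\tFoobar Protocol\tfoobar\n'
    printf 'F\tLength\tfoobar.len\tFT_UINT32\tfoobar\tBASE_DEC\t0x0\t\n'
}

# Offline demonstration on the constructed records.
sample_records | fields_for_proto foo

# Live use, with tshark installed:
#   tshark -G | fields_for_proto tcp
```

On an older tshark whose field records carry fewer columns, the parent protocol column may sit elsewhere; check one F line by eye before relying on the column number.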