Hi all
I've upgraded Wireshark from 1.2 (CentOS 6 x64) to version 1.7.1 in order to use the command extension that Jaap kindly highlighted below; and now when I run the following trace I get the "Mysql protocol dissector: all fields should be little endian" bug:
Command:
./tshark -i eth2 -o "rtp.heuristic_rtp: TRUE" -R 'rtcp.ssrc.cum_nr >= 50' -V -d udp.port==5005,rtcp -e rtcp.ssrc.identifier -e rtcp.ssrc.fraction -e rtcp.ssrc.cum_nr -e rtcp.ssrc.jitter -e ip.src_host -e rtcp.sdes.text -T fields -E separator=, -E quote=n
Errors:
** (process:31148): WARNING **: Dissector bug, protocol MySQL, in packet 377: proto.c:2508: failed assertion "hfinfo->type == FT_STRING || hfinfo->type == FT_STRINGZ"
This scrolls up the screen, there were no errors during the build compilation process?
Any help would be appreciated
Thanks
On 12 November 2011 18:00, Martin Thorpe
<martinjasonthorpe@xxxxxxxxxxxxxx> wrote:
Thanks Jaap that was exactly what I was looking for!
Sent from my iPhone
Hi,
That should happen (given an up-to-date tshark version) by using -E occurrence=a
Thanks,
Jaap
On Mon, 7 Nov 2011 17:09:45 +0000, Martin Thorpe wrote:
Hi all
Hope everyone is well :-)
Quick question: I am receiving RTCP packets to a Linux host where I am writing away to MySQL based on several thresholds being reached. I would like to write ALL the SDES 'Text' field information but I can only seem to grab part of it. Here is an example of the data that is coming in:
Real-time Transport Control Protocol (Source description)
10.. .... = Version: RFC 1889 Version (2)
..0. .... = Padding: False
...0 0001 = Source count: 1
Packet type: Source description (202)
Length: 23 (96 bytes)
Chunk 1, SSRC/CSRC 0x2CE7939A
Identifier: 0x2ce7939a (753374106)
SDES items
Type: CNAME (user and domain) (1)
Length: 26
Text: ext123456@10.10.10.10:1234
Type: PHONE (phone number) (4)
Length: 5
Text: 50035
Type: TOOL (name/version of source app) (6)
Length: 50
Text: IP Telephone (IP Telephone Firmware Version)
Type: END (0)
Now using my capture running as follows I only am able to display (using fields) the final piece of text from the SDES items:
tshark -i eth0 -o "rtp.heuristic_rtp: TRUE" -R 'rtcp.ssrc.cum_nr >= 50' -V -d udp.port==5005,rtcp -e rtcp.ssrc.fraction -e rtcp.ssrc.jitter -e rtcp.ssrc.cum_nr -e rtcp.sdes.text -e ip.src_host -e rtp.ext -S -T fields -E separator=, -E quote=d
Is there any way to also include the telephone extension number as seen in the 'Text' field above the final 'Text' field??
Thanks for your help
occurrence=f|l|a
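
The following is an added example, not part of the original thread and not Wireshark code: a minimal RTCP SDES parser following RFC 3550 section 6.5, showing why one chunk yields several Text values and what a first/last/all selection returns for them. The function names and the sample packet are constructed for illustration; the sample reuses the SSRC and item texts quoted in the thread.

```python
import struct

# SDES item type names from RFC 3550 section 6.5
SDES_TYPES = {1: "CNAME", 2: "NAME", 3: "EMAIL", 4: "PHONE",
              5: "LOC", 6: "TOOL", 7: "NOTE", 8: "PRIV"}

def parse_sdes(pkt):
    """Return [(ssrc, [(type_name, text), ...]), ...] for one RTCP SDES packet."""
    if len(pkt) < 4:
        raise ValueError("truncated RTCP header")
    first, ptype, words = struct.unpack("!BBH", pkt[:4])
    if first >> 6 != 2 or ptype != 202:
        raise ValueError("not an RTCP SDES packet")
    end = 4 * (words + 1)              # length field = 32-bit words minus one
    if end > len(pkt):
        raise ValueError("length field exceeds captured bytes")
    chunks, off = [], 4
    for _ in range(first & 0x1F):      # low five bits: source count
        if off + 4 > end:
            raise ValueError("truncated chunk")
        ssrc, items = struct.unpack("!I", pkt[off:off + 4])[0], []
        off += 4
        while True:
            if off >= end:
                raise ValueError("chunk has no END item")
            if pkt[off] == 0:          # END item, then padding to a 32-bit boundary
                off += 1 + (-(off + 1) % 4)
                break
            if off + 2 > end or off + 2 + pkt[off + 1] > end:
                raise ValueError("SDES item overruns packet")
            n = pkt[off + 1]
            text = pkt[off + 2:off + 2 + n].decode("utf-8", "replace")
            items.append((SDES_TYPES.get(pkt[off], str(pkt[off])), text))
            off += 2 + n
        chunks.append((ssrc, items))
    return chunks

def select_text(items, occurrence="a"):
    """Model the f|l|a choice from the thread: first, last, or all item texts."""
    texts = [text for _, text in items]
    return {"f": texts[:1], "l": texts[-1:], "a": texts}[occurrence]

# Constructed sample packet mirroring the values quoted in the thread
_items = [(1, b"ext123456@10.10.10.10:1234"), (4, b"50035"),
          (6, b"IP Telephone (IP Telephone Firmware Version)")]
_body = struct.pack("!I", 0x2CE7939A)
_body += b"".join(bytes([t, len(s)]) + s for t, s in _items) + b"\x00"
_body += b"\x00" * (-len(_body) % 4)
SAMPLE = struct.pack("!BBH", 0x81, 202, len(_body) // 4) + _body
```

Selecting "l" on the sample returns only the TOOL text, which matches the symptom described in the original question, while "a" returns the CNAME, PHONE and TOOL texts together.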