Wireshark-users: Re: [Wireshark-users] Wireshark-users Digest, Vol 117, Issue 4
From: Barry Constantine <barryconstant@xxxxxxxxx>
Date: Sun, 21 Feb 2016 15:34:30 +0000 (UTC)
Thanks Chris!

I'll stick with the -T fields -e option and then decode the numerical value into the named interval, etc. per the PTP specification and dissector.

I am writing in a script anyway, so this will be easy to map.

Thanks again,

Barry

--------------------------------------------
On Sun, 2/21/16, wireshark-users-request@xxxxxxxxxxxxx <wireshark-users-request@xxxxxxxxxxxxx> wrote:

Subject: Wireshark-users Digest, Vol 117, Issue 4
To: wireshark-users@xxxxxxxxxxxxx
Date: Sunday, February 21, 2016, 7:00 AM

Send Wireshark-users mailing list submissions to
    wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
    https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
    wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
    wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific than "Re: Contents of Wireshark-users digest..."

Today's Topics:

   1. PTP Protocol Fields (Barry Constantine)
   2. Re: PTP Protocol Fields (Christopher Maynard)

----------------------------------------------------------------------

Message: 1
Date: Sat, 20 Feb 2016 16:04:01 +0000 (UTC)
From: Barry Constantine <barryconstant@xxxxxxxxx>
To: <wireshark-users@xxxxxxxxxxxxx>
Subject: [Wireshark-users] PTP Protocol Fields
Message-ID: <848612689.234812.1455984241569.JavaMail.yahoo@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8

Hello,

I am trying to use tshark to export fields to a text file for the PTP protocol.

I usually determine the correct field name by right clicking in the UI and then determining the field name, in this example, one would be:

    ptp.v2.sig.tlv.logInterMessagePeriod.period

If I copy the value as a test it always shows "0", but copying the Description, I get the readable value "period: every 1 seconds"

Is there a way to get tshark to export the description versus the value with the -e option?

Also, curious why the value differs from the description field presented in the UI (value is always "0").

Thanks,

Barry

------------------------------

Message: 2
Date: Sat, 20 Feb 2016 17:01:51 +0000 (UTC)
From: Christopher Maynard <Christopher.Maynard@xxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] PTP Protocol Fields
Message-ID: <loom.20160220T173537-48@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

Barry Constantine <barryconstant@...> writes:

> Is there a way to get tshark to export the description versus the value with the -e option?

Not with the -e option, at least not that I'm aware of. You might be able to script something though? For example, if you *only* wanted to see the text for the ptp.v2.sig.tlv.logInterMessagePeriod.period field, you should be able to achieve this like so:

    tshark -r ptp_file.pcap -Y "ptp.v2.sig.tlv.logInterMessagePeriod.period" -O ptp | grep "period:"

(Substitute "findstr" for "grep" if you're on Windows.)

> Also, curious why the value differs from the description field presented in the UI (value is always "0").

This is because the value gives you the raw data, which is 0, whereas Wireshark is showing you the calculated/interpreted value, which is 2^value, or in this case, 2^0=1. (See: https://goo.gl/hMd3lC)

- Chris

------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users

End of Wireshark-users Digest, Vol 117, Issue 4
***********************************************
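
Added example (not part of the original thread and not code from either poster or from Wireshark): a sketch of the mapping script discussed above, turning the raw log2 value that -T fields -e prints into the interval 2^value. It assumes the export was made with -e frame.number followed by -e ptp.v2.sig.tlv.logInterMessagePeriod.period using tshark's default tab separator and comma aggregator; the wording chosen for sub-second periods is illustrative, not the dissector's.

```python
import sys

# Constructed sample of `tshark -r ptp_file.pcap -T fields -e frame.number
#   -e ptp.v2.sig.tlv.logInterMessagePeriod.period` output (tab-separated).
# Frame 13 lacks the field; frame 14 carries it twice (comma-joined).
SAMPLE = "12\t0\n13\t\n14\t-3,1\n15\t4\n"


def describe(log_value):
    """Raw value is log2 of the period in seconds: interval = 2^value."""
    if not -128 <= log_value <= 127:
        raise ValueError(f"outside signed 8-bit range: {log_value}")
    seconds = 2.0 ** log_value
    if log_value >= 0:
        return seconds, f"every {2 ** log_value} seconds"
    # Sub-second periods are shown as a rate; this wording is illustrative.
    return seconds, f"{2 ** -log_value} per second"


def decode_fields(lines):
    """Return (frame, raw, seconds, text) for every occurrence of the field."""
    rows = []
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            continue
        frame, _, raw = line.partition("\t")
        for item in raw.split(","):
            item = item.strip()
            if not item:
                continue  # this frame has no such TLV, so the column is empty
            value = int(item)  # raises ValueError on non-numeric output
            rows.append((int(frame), value, *describe(value)))
    return rows


if __name__ == "__main__":
    # Pipe tshark output in, or run with no input to see the sample decoded.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for frame, raw, seconds, text in decode_fields(source):
        print(f"frame {frame}: raw={raw} period={seconds}s ({text})")
```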