Wireshark · Ethereal-users: RE: [Ethereal-users] Problem with tethereal -z proto, colinfo, tc p.analysis.xxxx and -z proto,colin

Ethereal-users: RE: [Ethereal-users] Problem with tethereal -z proto, colinfo, tc p.analysis.xxx

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Jeff Dubis" <jeffdubis@xxxxxxxxxxxxxxxxxx>

Date: Wed, 1 Oct 2003 15:01:22 -0400

Title: RE: [Ethereal-users] Problem with tethereal -z proto, colinfo, tcp.analysis.xxxx and -z proto,colinfo,tcp.options.xxxx

Guy,

Excellent!! The flag "-o tcp.analyze_sequence_numbers:true" did the trick for the tcp.analysis.xxxx parameters

E.g.

Tethereal -o tcp.analyze_sequence_numbers:true -z proto,colinfo,tcp.analysis.ack_rtt,tcp.analysis.ack_rtt

Tethereal output:
9.352569 60 131.1.2.4 1083 131.1.2.3 1162 TCP 1083 > 1162 [ACK] Seq=28402482 Ack=1587647067 Win=7592 Len=0 tcp.analysis.ack_rtt == 0.001642000

However I can't seem to get the tcp.options.xxxx parameters to work.

I tried:

Tethereal -o tcp.analyze_sequence_numbers:true -z proto,colinfo.tcp.options.sack,tcp.options.sack

But no luck.

Is there a listing of -o flags? Probably need to include another -o preference.value flag with tethereal.

Thanks,
Jeff

Application Performance Engineering Group

Web Site: http://ape.us.nortel.com
Phone: (919)-992-5019
ESN: 352-5019
Email: dubis@xxxxxxxxxxxxxxxxxx
Yahoo ID: Jeff_Dubis

-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
Sent: Wednesday, October 01, 2003 2:27 PM
To: Dubis, Jeff [GWRTP:T830:EXCH]
Cc: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Problem with tethereal -z proto, colinfo, tcp.analysis.xxxx and -z proto,colinfo,tcp.options.xxxx

On Sep 30, 2003, at 8:58 PM, Jeff Dubis wrote:

> Does anyone know why tethereal 0.9.15 does not seem to produce the
> additional columns for tcp.analysis and tcp.options parameters such as
> tcp.analysis.ack_rtt or tcp.options.sack ?
>
> Other columns such as tcp.flags.syn are added to the packet without a
> problem.

If you hadn't added the second paragraph, my first suggestion would
have been "perhaps because the filter in the -z flag didn't have the
field in it" - a not-exactly-obvious characteristic of the -z flag is
that the filter has to include the fields that are being added to the
Info column, as otherwise the display filter code isn't "primed" to
fetch their values. (I'd consider that a misfeature, at best, and
arguably a bug.)

However, as you did, that wasn't the problem. The problem is probably
that you don't have TCP sequence number analysis turned on; try running
Tethereal with the flag "-o tcp.analyze_sequence_numbers:true".

Follow-Ups:
- Re: [Ethereal-users] Problem with tethereal -z proto, colinfo, tc p.analysis.xxxx and -z proto, colinfo, tcp.options.xxxx
  - From: Guy Harris

Prev by Date: Re: [Ethereal-users] Problem with tethereal -z proto, colinfo, tcp.analysis.xxxx and -z proto, colinfo, tcp.options.xxxx
Next by Date: Re: [Ethereal-users] Problem with tethereal -z proto, colinfo, tc p.analysis.xxxx and -z proto, colinfo, tcp.options.xxxx
Previous by thread: Re: [Ethereal-users] Problem with tethereal -z proto, colinfo, tcp.analysis.xxxx and -z proto, colinfo, tcp.options.xxxx
Next by thread: Re: [Ethereal-users] Problem with tethereal -z proto, colinfo, tc p.analysis.xxxx and -z proto, colinfo, tcp.options.xxxx
Index(es):
- Date
- Thread