Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 539] Tethereal -z funcion not work

Wireshark-bugs: [Wireshark-bugs] [Bug 539] Tethereal -z funcion not work

Date: Wed, 20 Aug 2008 07:29:54 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=539


Sake <sake@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME




--- Comment #6 from Sake <sake@xxxxxxxxxx>  2008-08-20 07:29:52 PDT ---
I tried with SVN 25902 (on Linux) and seem to get expected results on all
mentioned tests:

sake@brutus:/tmp$ tshark -v
TShark 1.0.99 (SVN Rev 25902)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.16.4, with libpcap 0.9.8, with libz 1.2.3.3, without POSIX
capabilities, with libpcre 7.4, with SMI 0.4.5, with ADNS, without Lua, with
GnuTLS 2.0.4, with Gcrypt 1.2.4, without Kerberos.

Running on Linux 2.6.24-19-server, with libpcap version 0.9.8.

Built using gcc 4.2.3 (Ubuntu 4.2.3-2ubuntu7).
sake@brutus:/tmp$ tshark -r 19.cap -T text -z "proto,colinfo,ip.src,ip.src"
  1   0.000000 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=100  ip.src == 206.130.75.70
  2  -1.950069 206.130.75.41 -> 206.130.75.70 TCP mtport-regist > ssh [ACK]
Seq=1 Ack=101 Win=64995 Len=0  ip.src == 206.130.75.41
  3   1.322921 WwPcbaTe_68:a4:14 -> Broadcast    ARP Who has 206.130.75.239? 
Tell 206.130.75.135
  4   1.338383 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>  ip.src == 206.130.75.239
  5   2.089559 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>  ip.src == 206.130.75.239
  6   2.370592 Intel_70:c4:6d -> Broadcast    ARP Who has 206.130.75.42?  Tell
206.130.75.111
  7   2.840721 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>  ip.src == 206.130.75.239
  8   4.285446 Intel_f0:f3:bd -> Broadcast    ARP Who has 206.130.75.222?  Tell
206.130.75.14
  9   4.295193 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20  ip.src == 206.130.75.41
 10   4.295199 206.130.75.70 -> 206.130.75.41 TCP ssh > patrol-mq-gm [ACK]
Seq=1 Ack=21 Win=5840 Len=0  ip.src == 206.130.75.70
 11   4.305976 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20  ip.src == 206.130.75.70
 12   4.416063 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20  ip.src == 206.130.75.41
 13   4.425953 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20  ip.src == 206.130.75.70
 14   4.536843 206.130.75.41 -> 206.130.75.70 TCP patrol-mq-gm > ssh [ACK]
Seq=41 Ack=41 Win=65211 Len=0  ip.src == 206.130.75.41
 15   4.604263 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20  ip.src == 206.130.75.41
 16   4.614918 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20  ip.src == 206.130.75.70
 17   4.682223 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20  ip.src == 206.130.75.41
 18   4.692904 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20  ip.src == 206.130.75.70
 19   4.847777 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20  ip.src == 206.130.75.41
sake@brutus:/tmp$ tshark -r 19.cap -T text -z
"proto,colinfo,frame.time,frame.time"
  1   0.000000 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=100  frame.time == "Oct 31, 2006 17:11:19.347661000"
  2  -1.950069 206.130.75.41 -> 206.130.75.70 TCP mtport-regist > ssh [ACK]
Seq=1 Ack=101 Win=64995 Len=0  frame.time == "Oct 31, 2006 17:11:17.397592000"
  3   1.322921 WwPcbaTe_68:a4:14 -> Broadcast    ARP Who has 206.130.75.239? 
Tell 206.130.75.135  frame.time == "Oct 31, 2006 17:11:20.670582000"
  4   1.338383 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>  frame.time == "Oct 31, 2006 17:11:20.686044000"
  5   2.089559 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>  frame.time == "Oct 31, 2006 17:11:21.437220000"
  6   2.370592 Intel_70:c4:6d -> Broadcast    ARP Who has 206.130.75.42?  Tell
206.130.75.111  frame.time == "Oct 31, 2006 17:11:21.718253000"
  7   2.840721 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>  frame.time == "Oct 31, 2006 17:11:22.188382000"
  8   4.285446 Intel_f0:f3:bd -> Broadcast    ARP Who has 206.130.75.222?  Tell
206.130.75.14  frame.time == "Oct 31, 2006 17:11:23.633107000"
  9   4.295193 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20  frame.time == "Oct 31, 2006 17:11:23.642854000"
 10   4.295199 206.130.75.70 -> 206.130.75.41 TCP ssh > patrol-mq-gm [ACK]
Seq=1 Ack=21 Win=5840 Len=0  frame.time == "Oct 31, 2006 17:11:23.642860000"
 11   4.305976 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20  frame.time == "Oct 31, 2006 17:11:23.653637000"
 12   4.416063 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20  frame.time == "Oct 31, 2006 17:11:23.763724000"
 13   4.425953 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20  frame.time == "Oct 31, 2006 17:11:23.773614000"
 14   4.536843 206.130.75.41 -> 206.130.75.70 TCP patrol-mq-gm > ssh [ACK]
Seq=41 Ack=41 Win=65211 Len=0  frame.time == "Oct 31, 2006 17:11:23.884504000"
 15   4.604263 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20  frame.time == "Oct 31, 2006 17:11:23.951924000"
 16   4.614918 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20  frame.time == "Oct 31, 2006 17:11:23.962579000"
 17   4.682223 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20  frame.time == "Oct 31, 2006 17:11:24.029884000"
 18   4.692904 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20  frame.time == "Oct 31, 2006 17:11:24.040565000"
 19   4.847777 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20  frame.time == "Oct 31, 2006 17:11:24.195438000"
sake@brutus:/tmp$ tshark -r 19.cap -T text -z
"io,stat,10,ip.src==206.130.75.70"
  1   0.000000 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=100
  2  -1.950069 206.130.75.41 -> 206.130.75.70 TCP mtport-regist > ssh [ACK]
Seq=1 Ack=101 Win=64995 Len=0
  3   1.322921 WwPcbaTe_68:a4:14 -> Broadcast    ARP Who has 206.130.75.239? 
Tell 206.130.75.135
  4   1.338383 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>
  5   2.089559 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>
  6   2.370592 Intel_70:c4:6d -> Broadcast    ARP Who has 206.130.75.42?  Tell
206.130.75.111
  7   2.840721 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>
  8   4.285446 Intel_f0:f3:bd -> Broadcast    ARP Who has 206.130.75.222?  Tell
206.130.75.14
  9   4.295193 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20
 10   4.295199 206.130.75.70 -> 206.130.75.41 TCP ssh > patrol-mq-gm [ACK]
Seq=1 Ack=21 Win=5840 Len=0
 11   4.305976 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20
 12   4.416063 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20
 13   4.425953 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20
 14   4.536843 206.130.75.41 -> 206.130.75.70 TCP patrol-mq-gm > ssh [ACK]
Seq=41 Ack=41 Win=65211 Len=0
 15   4.604263 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20
 16   4.614918 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20
 17   4.682223 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20
 18   4.692904 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20
 19   4.847777 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20

===================================================================
IO Statistics
Interval: 10.000 secs
Column #0: ip.src==206.130.75.70
                |   Column #0    
Time            |frames|  bytes  
000.000-010.000       6       504 
===================================================================
sake@brutus:/tmp$ tshark -r 19.cap -T text -z "io,stat,10"
  1   0.000000 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=100
  2  -1.950069 206.130.75.41 -> 206.130.75.70 TCP mtport-regist > ssh [ACK]
Seq=1 Ack=101 Win=64995 Len=0
  3   1.322921 WwPcbaTe_68:a4:14 -> Broadcast    ARP Who has 206.130.75.239? 
Tell 206.130.75.135
  4   1.338383 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>
  5   2.089559 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>
  6   2.370592 Intel_70:c4:6d -> Broadcast    ARP Who has 206.130.75.42?  Tell
206.130.75.111
  7   2.840721 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>
  8   4.285446 Intel_f0:f3:bd -> Broadcast    ARP Who has 206.130.75.222?  Tell
206.130.75.14
  9   4.295193 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20
 10   4.295199 206.130.75.70 -> 206.130.75.41 TCP ssh > patrol-mq-gm [ACK]
Seq=1 Ack=21 Win=5840 Len=0
 11   4.305976 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20
 12   4.416063 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20
 13   4.425953 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20
 14   4.536843 206.130.75.41 -> 206.130.75.70 TCP patrol-mq-gm > ssh [ACK]
Seq=41 Ack=41 Win=65211 Len=0
 15   4.604263 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20
 16   4.614918 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20
 17   4.682223 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20
 18   4.692904 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20
 19   4.847777 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20

===================================================================
IO Statistics
Interval: 10.000 secs
Column #0: 
                |   Column #0    
Time            |frames|  bytes  
000.000-010.000      18      1390 
===================================================================
sake@brutus:/tmp$ 


Closing as WORKSFORME


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Prev by Date: [Wireshark-bugs] [Bug 1194] Timestamp oddness
Next by Date: [Wireshark-bugs] [Bug 953] Incorrectly parsing SIP Contact information
Previous by thread: [Wireshark-bugs] [Bug 1194] Timestamp oddness
Next by thread: [Wireshark-bugs] [Bug 953] Incorrectly parsing SIP Contact information
Index(es):
- Date
- Thread