https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5870
Summary: tshark is too noisy when using -V
Product: Wireshark
Version: SVN
Platform: Other
OS/Version: FreeBSD
Status: NEW
Severity: Major
Priority: Low
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: wireshark@xxxxxxxxxxx
Build Information:
[~/wireshark-trunk] edwin@t43>./tshark -v
TShark 1.5.2 (SVN Rev 36928 from /trunk)
Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GLib 2.24.1, with libpcap 1.0.0, with libz 1.2.3,
without POSIX capabilities, without libpcre, with SMI 0.4.8, without c-ares,
with ADNS, without Lua, without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.5,
with Heimdal Kerberos, with GeoIP.
Running on FreeBSD 8.2-RELEASE, with libpcap version 1.0.0, with libz 1.2.3.
Built using gcc 4.2.1 20070719 [FreeBSD].
[~/wireshark-trunk] edwin@t43>
--
Running tshark without the -V option often does not show enough information to
determine what is in the protocols you are interested in.
Running tshark with the -V option gives you a dissection of all layers in a
protocol, giving too much data to quickly determine what is in the protocols
you are interested in.
The supplied patch adds a new option -O, which specifies a list of protocols
(names can be found with the "-G protocols" option) to be fully decoded while
the others only show the layer header.
For example, to show all the HTTP packets:
$ ./tshark -nr a.cap -V -O http
[...]
Frame 3: 60 bytes on wire, 60 bytes captured
Ethernet II, Src: 00:50:56:93:15:97 (00:50:56:93:15:97), Dst: 00:50:56:93:16:cb (00:50:56:93:16:cb)
Internet Protocol, Src: 10.11.7.107 (10.11.7.107), Dst: 10.11.51.74 (10.11.51.74)
Transmission Control Protocol, Src Port: 51520 (51520), Dst Port: 80 (80), Seq: 1, Ack: 1, Len: 0
Frame 4: 464 bytes on wire, 464 bytes captured
Ethernet II, Src: 00:50:56:93:15:97 (00:50:56:93:15:97), Dst: 00:50:56:93:16:cb (00:50:56:93:16:cb)
Internet Protocol, Src: 10.11.7.107 (10.11.7.107), Dst: 10.11.51.74 (10.11.51.74)
Transmission Control Protocol, Src Port: 51520 (51520), Dst Port: 80 (80), Seq: 1, Ack: 1, Len: 410
Hypertext Transfer Protocol
RPC_OUT_DATA /rpc/rpcproxy.dll?gen-vcs74.doj2010.com:6002 HTTP/1.1\r\n
Cache-Control: no-cache\r\n
Connection: Keep-Alive\r\n
Pragma: SessionId=740deeb1-7dc1-4d7f-a7c2-8ce60346896b\r\n
Accept: application/rpc\r\n
Cookie: OutlookSession="{C7EB576C-03D6-4567-8961-2AD9AA14FE1E}"\r\n
User-Agent: MSRPC\r\n
Content-Length: 0\r\n
Host: gen-vcs74.doj2010.com\r\n
Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAA\r\n
\r\n
[Full request URI: http://gen-vcs74.doj2010.com/rpc/rpcproxy.dll?gen-vcs74.doj2010.com:6002]
Frame 5: 54 bytes on wire, 54 bytes captured
Ethernet II, Src: 00:0e:b6:93:b1:6e (00:0e:b6:93:b1:6e), Dst: 00:50:56:93:15:97 (00:50:56:93:15:97)
Internet Protocol, Src: 10.11.51.74 (10.11.51.74), Dst: 10.11.7.107 (10.11.7.107)
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 51520 (51520), Seq: 1, Ack: 411, Len: 0
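
Added example, not part of the original report or the supplied patch: a Python filter that applies the behaviour described for -O to saved "tshark -V" text, keeping every layer's header line and the indented detail only for the listed protocols. It assumes detail lines are indented under a column-0 layer header; the PROTOCOLS table, the function names and the SAMPLE text are constructed for illustration.

```python
"""Emulate the -O selection on saved "tshark -V" text (added example)."""

# Layer header text -> filter name (filter names as listed by "-G protocols").
# Constructed subset covering only the layers in SAMPLE.
PROTOCOLS = {
    "Frame": "frame",
    "Ethernet II": "eth",
    "Internet Protocol": "ip",
    "Transmission Control Protocol": "tcp",
    "Hypertext Transfer Protocol": "http",
}

def filter_name(header):
    """Return the filter name for a column-0 layer line, or None if unknown."""
    # Longest name first so a longer header text wins over a prefix of it.
    for long_name in sorted(PROTOCOLS, key=len, reverse=True):
        if header.startswith(long_name):
            return PROTOCOLS[long_name]
    return None

def only_protocols(text, wanted):
    """Keep every layer header; keep indented detail only for wanted layers."""
    selected = {name.strip().lower() for name in wanted.split(",")}
    out, show = [], False
    for line in text.splitlines():
        if line and not line[0].isspace():
            # Assumption: a non-indented line starts a new layer.
            show = filter_name(line) in selected
            out.append(line)
        elif show or not line.strip():
            out.append(line)
    return "\n".join(out)

# Constructed sample shaped like -V output; field values are illustrative.
SAMPLE = """\
Frame 4: 464 bytes on wire, 464 bytes captured
    Frame Number: 4
Ethernet II, Src: 00:50:56:93:15:97, Dst: 00:50:56:93:16:cb
    Type: IP (0x0800)
Internet Protocol, Src: 10.11.7.107, Dst: 10.11.51.74
    Time to live: 64
Transmission Control Protocol, Src Port: 51520, Dst Port: 80, Len: 410
    Window size: 65535
Hypertext Transfer Protocol
    User-Agent: MSRPC\\r\\n
    Content-Length: 0\\r\\n
"""

if __name__ == "__main__":
    print(only_protocols(SAMPLE, "http"))
```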