| Bug ID |
10158
|
| Summary |
mp2t.af.pcr is not useable as an integer value in tshark CSV or capture filters
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
1.10.7
|
| Hardware |
x86
|
| OS |
Windows 7
|
| Status |
UNCONFIRMED
|
| Severity |
Major
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Build Information:
Version 1.10.7 (v1.10.7-0-g6b931a1 from master-1.10)
Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Apr 22 2014), with AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz, with 4046MB of physical
memory.
Built using Microsoft Visual C++ 10.0 build 40219
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
Please see stackoverflow for complete coverage of issue:
http://stackoverflow.com/questions/23909173/how-can-i-use-the-value-of-mp2t-af-pcr-as-a-tshark-field
---------------------------
I have a wireshark capture that contains an RTP multicast stream (plus some
other incidental data).
Using a Tshark command like the following, I can produce a CSV of the RTP
timestamp compared with the packet capture time:
tshark.exe -r "capture.pcap" -Eseparator=, -Tfields -e rtp.timestamp -e
frame.time_epoch -d udp.port==5000,rtp
This decodes the UDP packets as RTP, and successfully prints out the two fields
as expected.
Now, the issue: The payload of the RTP stream is an MPEG2 Transport Stream, and
I also want to print the PCR value (if there is one) alongside the packet and
RTP timestamps. In wireshark, I can see the PCR being decoded correctly,
however using a command like the following:
tshark.exe -r "HBO HD CZ.pcap" -Eseparator=,-Tfields -e rtp.timestamp -e
frame.time_epoch -e mp2t.af.pcr -d udp.port==5000,mp2t
...only prints out a "1" if there is a PCR oresent, not the actual value. I
have also checked the .pcr_flag to confirm that these two are not exchanged,
but still I see the same result.
The documentation seems to call mp2t.af.pcr a "Label", does this mean that
Tshark is not able to use it as a field? There needs to be a way to generate a
CSV with these values.
The problem is that the value that Wireshark displays after "base(XXX)*300 +
ext(YYY)" is calculated and displayed, but the field itself isn't given an
integral type and is instead given a type that doesn't have a value. Arguably,
it should be an FT_UINT64 field and should be given a value, so that you can
filter on it and can print the value in TShark.
You are receiving this mail because:
- You are watching all bug changes.