Wireshark-bugs: [Wireshark-bugs] [Bug 12606] New: Defining a value type for a specific field

Date: Mon, 11 Jul 2016 09:42:51 +0000
Bug ID 12606
Summary Defining a value type for a specific field
Product Wireshark
Version 2.0.3
Hardware All
OS All
Status UNCONFIRMED
Severity Enhancement
Priority Low
Component TShark
Assignee [email protected]
Reporter [email protected]

Created attachment 14713 [details]
How Wireshark represents the MNC Values

Build Information:
TShark (Wireshark) 2.0.3 (v2.0.3-0-geed34f0 from master-2.0)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with WinPcap (4_1_3), with libz 1.2.8, with GLib 2.42.0, with
SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS 3.2.15, with Gcrypt
1.6.2, with MIT Kerberos, with GeoIP.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale
English_United States.1252, with WinPcap version 4.1.3 (packet.dll version
4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with
GnuTLS 3.2.15, with Gcrypt 1.6.2.
        Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz (with SSE4.2), with 8084MB of
physical memory.


Built using Microsoft Visual C++ 12.0 build 40629
--
The values returned by GUI and tshark command in -T fields and -T PDML modes
are not always and necessarily the same. The attached photo shows one of these
fields (MNC-value). 

GUI shows the value "Telecom Deutschland GmbH (01)", the -T fields -e e212.mnc
returns "1" and the PDML representation returns the following output, in which
the value is represented in hex:

 <field name="e212.mnc" showname="Mobile Network Code (MNC): Telekom
Deutschland GmbH (01)" size="2" pos="187" show="1" value="f210"/>

I wished there was a way to tell tshark which one of these three outputs I
would like to receive in the outcome (presented respectively as showname, show,
value in PDML output); basically, by asking tshark to return the value of this
specific field in HEX or integer.

We are hoping, this could be achieved by using something roughly like this on
the command line:

   -T fields -e [hex|showname|show]:e212.mnc

instead of
   -T fields -e e212.mnc


You are receiving this mail because:
  • You are watching all bug changes.