Bryant Eastham wrote:
I have a set of related plugins that work fine in wireshark proper, but
fail to work under tshark. They all worked fine as of ethereal 10.13
(the last ethereal that I used).
The base dissector watches for TCP/IP connections, parses off a network
layer and the protocol number of the nested protocol. It has a
registered table for subdissectors. This plugin works fine in tshark - I
get summary lines from that base dissector, and in verbose mode it shows
me the correct protocol numbers and packet lengths. However, none of the
sub-dissectors, that work fine in wireshark, appear to run in tshark.
Does it work in tshark if you use a display filter (even "-R frame")?
If so, your dissector may be only calling the subdissectors when 'tree'
is set (and 'tree' may always be set for you in wireshark because you've
got color filters set up or something like that).