Wireshark · Wireshark-dev: Re: [Wireshark-dev] tshark -T fields

Wireshark-dev: Re: [Wireshark-dev] tshark -T fields

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Wed, 07 Jul 2010 11:06:33 -0400

Peter Gordon wrote:

tshark can be used to display fields using the -T option.
If the same field occurs a number of times within a protocol,
only one value ( the last ) gets displayed.

As far as I can see the error looks like it comes from theroutine proto_tree_write_fields.

The -T pdml option gives the correct output, but is too voluminous.

Can anyone help with a fix?


There's at least one bug for that:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3818

It was discussed quite a bit at Sharkfest this year too--there seemed tobe quite a bit of interest in finding a way to fix it. (But: asevidenced by the fact that there is so much interest and it hasn't beendone yet, it's non-trivial to implement.)

Follow-Ups:
- Re: [Wireshark-dev] tshark -T fields
  - From: Douglas Wood

References:
- [Wireshark-dev] tshark -T fields
  - From: Peter Gordon

Prev by Date: Re: [Wireshark-dev] FW: Comitt "Catch some cases that don't currently work." broke a use case of tshark
Next by Date: [Wireshark-dev] Obsolete check_col(pinfo->cinfo, COL_INFO)
Previous by thread: [Wireshark-dev] tshark -T fields
Next by thread: Re: [Wireshark-dev] tshark -T fields
Index(es):
- Date
- Thread