Wireshark-dev: Re: [Wireshark-dev] Linking error tfshark

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Fri, 10 Jan 2014 16:10:21 +0100
On Fri, Jan 10, 2014 at 02:07:37PM +0100, Michal Labedzki wrote:
> I have one more question: how tfshark works?
> ./tshark -V -r file.elf # works ok
> ./tfshark -V -r file.elf # does not work
>
> How to display dissector fields with tfshark? (in case I do not know
> their names)

Similar behavior here:

jmayer@egg:~> tfshark -r  ./info.gif
 947                         ->              UNKNOWN FTAP_ENCAP = 1234
jmayer@egg:~> tfshark -V -r  ./info.gif
TFShark 1.11.3 (SVN Rev 54677 from /trunk)
Dump and analyze network traffic.
See http://www.wireshark.org for more information.

Copyright 1998-2014 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Usage: tfshark [options] ...

Input file:
  -r <infile>              set the filename to read from (no pipes or stdin!)

Processing:
  -2                       perform a two-pass analysis
  -R <read filter>         packet Read filter in Wireshark display filter syntax
  -Y <display filter>      packet displaY filter in Wireshark display filter
                           syntax
  -d <layer_type>==<selector>,<decode_as_protocol> ...
                           "Decode As", see the man page for details
                           Example: tcp.port==8888,http
[more help output deleted]
                           default report="fields"
                           use "-G ?" for more help
jmayer@egg:~> tfshark -2 -V -r  ./info.gif
 947                         ->              UNKNOWN FTAP_ENCAP = 1234
jmayer@egg:~>

 Ciao
     Jörg
--
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.