Wireshark · Wireshark-users: [Wireshark-users] Filtering multiple VLAN tags

Wireshark-users: [Wireshark-users] Filtering multiple VLAN tags

From: "NEWMAN Christopher" <Christopher.Newman@xxxxxxxxxxxxxxxxxx>

Date: Thu, 25 Sep 2008 15:53:14 -0500

Hello all,

I'm using tshark to parse a captured packet.  Most fields are easy to
grab, but I can't figure out how to grab both VLAN tags from a stacked
Ethernet frame.  The following command returns the inner (2nd) VLAN ID:

     tshark -r test.pcap -c 1 -T fields -e vlan.id

I tried using vlan.id[0], vlan[0].id, etc. to no avail.  I also tried
the following, which returns nothing in the first column and the inner
VLAN in the second column:

     tshark -r test.pcap -c 1 -T fields -e vlan.id -e vlan.id

I know tshark can process the fields correctly because the detailed XML
and verbose options show both VLANs parsed out.  I could parse those
outputs, but I really don't want to do it that way.

Does anyone know how to handle multiple matches for using the same field
name?

Thanks in advance.

Chris

Follow-Ups:
- Re: [Wireshark-users] Filtering multiple VLAN tags
  - From: NEWMAN Christopher
- Re: [Wireshark-users] Filtering multiple VLAN tags
  - From: Stephen Fisher

Prev by Date: Re: [Wireshark-users] How to figure out openssl's tls packet sequences ??
Next by Date: Re: [Wireshark-users] How to figure out openssl's tls packet sequences ??
Previous by thread: Re: [Wireshark-users] How to figure out openssl's tls packet sequences ??
Next by thread: Re: [Wireshark-users] Filtering multiple VLAN tags
Index(es):
- Date
- Thread