Wireshark-users: Re: [Wireshark-users] tshark RTP decodes

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Tue, 4 Sep 2012 02:48:33 +0200
On Sat, Sep 01, 2012 at 04:03:54PM +0000, Barry Constantine wrote:
> I know how to redecode to RTP in the UI, but would like to do the same at the command line and extract fields.
...
> tshark -r rtp_call.pcap -o rtp.heuristic_rtp:TRUE -T fields -e rtp.seq
...
> It accepts the -o option, but the rtp.seq field is displayed with no content.

Works for me here:
tshark -r rtp-only-test.pcap -o rtp.heuristic_rtp:TRUE -T fields -e rtp.seq

tshark -v
WARNING: no socket to connect to
TShark 1.9.0 (SVN Rev 44762 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GLib 2.30.1, with libpcap, with libz 1.2.5, with POSIX
capabilities (Linux), without libnl, with SMI 0.4.8, with c-ares 1.7.5, with Lua
5.1, without Python, with GnuTLS 3.0.3, with Gcrypt 1.5.0, with MIT Kerberos,
with GeoIP.

Running on Linux 3.1.10-1.16-desktop, with locale de_DE.UTF-8, with libpcap
version 1.1.1, with libz 1.2.5.

Built using gcc 4.7.1 20120723 [gcc-4_7-branch revision 189773].

Ciao
     Jörg

-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.