Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: Re: [Ethereal-users] tethereal column format & -z proto, colinfo incompatibilit

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Tue, 11 May 2004 19:06:36 +0200
Title: tethereal column format & -z proto,colinfo incompatibility/bug/error?

David Castleford wrote:

 

I'm using tethereal to capture traffic and have specified the column display parameters using

        tethereal -o "column.format: time,%t,length,%L,protocol,%p, MACsrc,%uhs,MACdst,%uhd,IPsrc,%s,IPdst,%d etc.

This works fine and the displayed data is in the correct format.

However, I also need to access other protocol information that is not available via the column format.

I hoped to use the -z proto,colinfo,filter,field option  to add the parameters

Eg      tethereal -z proto,colinfo,udp.checksum_bad,udp.checksum_bad or
                "      "                "  tcp.analysis.ack_rtt,tcp.analysis.ack_rtt

Or whatever other field I want displayed.

This works fine so that I see the field displayed as eg udp.checksum_bad == 1
but only for the default ethereal column format….

If I specify different columns either with the -o option in tethereal or by changing the column preferences in ethereal and try using

        -z proto,colinfo,filter,field    I get the following error message:

** ERROR **:file columns-utils.c: line 274: assertion failed: (cinfo->col_first[el] >=0)
Aborting…

Using Windows 2000 Prof and Windows XP Prof with Ethereal 0.10.3 gives exactly the same error message.

Is this a bug? Is there any way I can use the following command successfully?:

        tethereal -o "column.format:…………." -z proto,colinfo,….,…..   -z proto,colinfo

 
In order to get the values for "-z proto,colinfo" printed out you need to have the Info-column (%i) in column.format since the colinfo result
is put in the Info-column.
 
I guess that you maybe don't have %i in your column.format and maybe then you get the assert.
 
I don't have possibilities to test this right now, but I know I have used tethereal in a similar way as you have dscribed quite recently.
I'm using some batch-files that calls tethereal with column.format and -z proto,colinfo and then it is working if I have a %i in column.format
 
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube