Wireshark-bugs: [Wireshark-bugs] [Bug 5870] New: tshark is too noisy when using -V

Date: Thu, 28 Apr 2011 15:07:37 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5870

           Summary: tshark is too noisy when using -V
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: FreeBSD
            Status: NEW
          Severity: Major
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxxxxxx


Build Information:
[~/wireshark-trunk] edwin@t43>./tshark -v
TShark 1.5.2 (SVN Rev 36928 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GLib 2.24.1, with libpcap 1.0.0, with libz 1.2.3,
without POSIX capabilities, without libpcre, with SMI 0.4.8, without c-ares,
with ADNS, without Lua, without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.5,
with Heimdal Kerberos, with GeoIP.

Running on FreeBSD 8.2-RELEASE, with libpcap version 1.0.0, with libz 1.2.3.

Built using gcc 4.2.1 20070719  [FreeBSD].
[~/wireshark-trunk] edwin@t43>
--
Running tshark without the -V option often does not show enough information to
determine what is in the protocols you are interested in.
Running tshark with the -V option gives you a dissection of all layers in a
protocol, giving too much data to quickly determine what is in the protocols
you are interested in.

The supplied patch adds a new option -O, which specifies a list of protocols
(names can be found with the "-G protocols" option) to be fully decoded while
the others only show the layer header.

For example, to show all the HTTP packets:

$ ./tshark -nr a.cap -V -O http
[...]
Frame 3: 60 bytes on wire, 60 bytes captured
Ethernet II, Src: 00:50:56:93:15:97 (00:50:56:93:15:97), Dst: 00:50:56:93:16:cb (00:50:56:93:16:cb)
Internet Protocol, Src: 10.11.7.107 (10.11.7.107), Dst: 10.11.51.74 (10.11.51.74)
Transmission Control Protocol, Src Port: 51520 (51520), Dst Port: 80 (80), Seq: 1, Ack: 1, Len: 0

Frame 4: 464 bytes on wire, 464 bytes captured
Ethernet II, Src: 00:50:56:93:15:97 (00:50:56:93:15:97), Dst: 00:50:56:93:16:cb (00:50:56:93:16:cb)
Internet Protocol, Src: 10.11.7.107 (10.11.7.107), Dst: 10.11.51.74 (10.11.51.74)
Transmission Control Protocol, Src Port: 51520 (51520), Dst Port: 80 (80), Seq: 1, Ack: 1, Len: 410
Hypertext Transfer Protocol
    RPC_OUT_DATA /rpc/rpcproxy.dll?gen-vcs74.doj2010.com:6002 HTTP/1.1\r\n
    Cache-Control: no-cache\r\n
    Connection: Keep-Alive\r\n
    Pragma: SessionId=740deeb1-7dc1-4d7f-a7c2-8ce60346896b\r\n
    Accept: application/rpc\r\n
    Cookie: OutlookSession="{C7EB576C-03D6-4567-8961-2AD9AA14FE1E}"\r\n
    User-Agent: MSRPC\r\n
    Content-Length: 0\r\n
    Host: gen-vcs74.doj2010.com\r\n
    Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAA\r\n
    \r\n
    [Full request URI: http://gen-vcs74.doj2010.com/rpc/rpcproxy.dll?gen-vcs74.doj2010.com:6002]

Frame 5: 54 bytes on wire, 54 bytes captured
Ethernet II, Src: 00:0e:b6:93:b1:6e (00:0e:b6:93:b1:6e), Dst: 00:50:56:93:15:97 (00:50:56:93:15:97)
Internet Protocol, Src: 10.11.51.74 (10.11.51.74), Dst: 10.11.7.107 (10.11.7.107)
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 51520 (51520), Seq: 1, Ack: 411, Len: 0

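The selection behaviour the report describes for -O (full detail for listed protocols, header line only for the rest), sketched as a post-filter over `tshark -V` text. This is an added example, not the submitted patch or Wireshark code; the PROTO_HEADERS table, the function name and the sample packet are constructed for illustration.

```python
# Added example: emulate the -O selection on text produced by `tshark -V`.
# Assumption: constructed filter-name -> layer-header table; the real names
# come from `tshark -G protocols`.
PROTO_HEADERS = {
    "eth": "Ethernet II",
    "ip": "Internet Protocol",
    "tcp": "Transmission Control Protocol",
    "http": "Hypertext Transfer Protocol",
}

# Constructed sample in the layout shown in the report (not a real capture).
SAMPLE = r"""Frame 4: 120 bytes on wire, 120 bytes captured
    Frame Number: 4
Ethernet II, Src: 00:00:5e:00:53:01 (00:00:5e:00:53:01), Dst: 00:00:5e:00:53:02 (00:00:5e:00:53:02)
    Type: IP (0x0800)
Internet Protocol, Src: 192.0.2.10 (192.0.2.10), Dst: 192.0.2.20 (192.0.2.20)
    Version: 4
    Time to live: 64
Transmission Control Protocol, Src Port: 51520 (51520), Dst Port: 80 (80), Seq: 1, Ack: 1, Len: 66
    Source port: 51520 (51520)
Hypertext Transfer Protocol
    GET /index.html HTTP/1.1\r\n
    Host: example.test\r\n
"""


def select_layers(verbose_text, protocols):
    """Keep every layer header; keep detail lines only for the listed protocols."""
    wanted = []
    for name in protocols.split(","):
        name = name.strip()
        if name not in PROTO_HEADERS:
            raise ValueError("unknown protocol: %r" % name)
        wanted.append(PROTO_HEADERS[name])

    out, keep = [], False
    for line in verbose_text.splitlines():
        if not line.strip():            # blank line separates frames
            out.append("")
            keep = False
        elif line[0].isspace():         # indented line: detail of the current layer
            if keep:
                out.append(line)
        else:                           # unindented line: a layer header
            keep = any(line == h or line.startswith(h + ",") for h in wanted)
            out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    print(select_layers(SAMPLE, "http"))
```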