Wireshark · Wireshark-dev: Re: [Wireshark-dev] tshark: drop features "dump to stdout" and"readfilter" - conclusion

[Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>]

Jeff Morriss wrote:
> Maynard, Chris wrote:
> > Anyway, I tried it and it seems to work better, although compared to the
> > 0.99.6 version, the output differs given the same options.  I would
> > expect the output to be the same, no?
> >
> > Running "tshark.exe -p -i 4 -f icmp -c 4 -w - > tsharktest.cap":
> >
> > tshark-SVN-23133:
> > "C:\wireshark-gtk2\tshark.exe" -r tsharktest.cap
> >   1   0.000000 192.168.1.100 -> 192.168.1.1 74
> >   2   0.000272 192.168.1.1 -> 192.168.1.100 74
> >   3   1.002940 192.168.1.100 -> 192.168.1.1 74
> >   4   1.003186 192.168.1.1 -> 192.168.1.100 74
> >
> > tshark-0.99.6:
> > "C:\Program Files\Wireshark\tshark.exe" -r tsharktest.cap
> > No log handling enabled - turning on stderr logging
> >   1   0.000000 192.168.1.100 -> 192.168.1.1 74 ICMP Echo (ping) request
> >   2   0.000305 192.168.1.1 -> 192.168.1.100 74 ICMP Echo (ping) reply
> >   3   1.001864 192.168.1.100 -> 192.168.1.1 74 ICMP Echo (ping) request
> >   4   1.002157 192.168.1.1 -> 192.168.1.100 74 ICMP Echo (ping) reply
>
> Hmmm, yeah.  I'll see if I can get my Windows build going again though 
> IIRC I never could capture stuff with my own builds.

Well it works fine for me...  Not sure why your SVN version isn't 
dissecting the ICMP part.  Does the file load in Wireshark?  (Do you 
have the ICMP dissector disabled--only in the SVN version?)