
Wireshark-dev: Re: [Wireshark-dev] tshark: drop features "dump to stdout"and"readfilter" - conc

From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Fri, 12 Oct 2007 16:47:58 -0400
I verified that the SVN version does have ICMP enabled.  I loaded the
capture file into Wireshark-SVN and both the Protocol and Info columns
are blank.  (I'm up to SVN-23155 at the moment.)

When I load the same capture file into Wireshark-0.99.6, the Protocol
and Info columns are correctly populated.

Hmm, so it's probably not a tshark specific problem after all, but more
likely some sort of column problem?

- Chris
(I'll try another distclean and rebuild everything again, but I can't do
it right now ... that'll probably have to wait until I get home.)

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jeff Morriss
Sent: Friday, October 12, 2007 4:29 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] tshark: drop features "dump to
stdout"and"readfilter" - conclusion



Jeff Morriss wrote:
> Maynard, Chris wrote:
>> Anyway, I tried it and it seems to work better, although compared to the
>> 0.99.6 version, the output differs given the same options.  I would
>> expect the output to be the same, no?
>>
>> Running "tshark.exe -p -i 4 -f icmp -c 4 -w - > tsharktest.cap":
>>
>> tshark-SVN-23133:
>> "C:\wireshark-gtk2\tshark.exe" -r tsharktest.cap
>>   1   0.000000 192.168.1.100 -> 192.168.1.1 74
>>   2   0.000272 192.168.1.1 -> 192.168.1.100 74
>>   3   1.002940 192.168.1.100 -> 192.168.1.1 74
>>   4   1.003186 192.168.1.1 -> 192.168.1.100 74
>>
>> tshark-0.99.6:
>> "C:\Program Files\Wireshark\tshark.exe" -r tsharktest.cap
>> No log handling enabled - turning on stderr logging
>>   1   0.000000 192.168.1.100 -> 192.168.1.1 74 ICMP Echo (ping) request
>>   2   0.000305 192.168.1.1 -> 192.168.1.100 74 ICMP Echo (ping) reply
>>   3   1.001864 192.168.1.100 -> 192.168.1.1 74 ICMP Echo (ping) request
>>   4   1.002157 192.168.1.1 -> 192.168.1.100 74 ICMP Echo (ping) reply
> 
> Hmmm, yeah.  I'll see if I can get my Windows build going again though
> IIRC I never could capture stuff with my own builds.

Well it works fine for me...  Not sure why your SVN version isn't 
dissecting the ICMP part.  Does the file load in Wireshark?  (Do you 
have the ICMP dissector disabled--only in the SVN version?)