Wireshark
the world's foremost network protocol analyzer
Wireshark-users: [Wireshark-users] tshark showing null values in the generated pdml file
From: "siri m" <svu004@xxxxxxxxx>
Date: Mon, 6 Oct 2008 18:12:33 -0700
Hi,
Currently, we are using tshark 0.99.6 to convert a SMPP capture file to pdml format using the following:
tshark –Tpdml –r capturefile.cap > sample.xml
The sample.xml contains null values for the show and value attributes as shown below:
<field
name="smpp.message" showname="Message" size="77" pos="115" show="" value=""/>
However, if we use the tethereal (0.10.12) to parse the same capture file, it produces the following, which is what we want:
<field
name="smpp.message" showname="Message" size="77" pos="115" show="
2f:2f"
value="2f2f"/>
Also, I have noticed that if we open the same capturefile.cap in wireshark gui 0.99.6 contains the right show and value for the smpp.message as shown by tethereal 0.10.12.
Is it a known issue with tshark/pdml producing null values for show and value? Has anyone come across this issue? Any pointers would be quite helpful to me,
Thanks,
- Follow-Ups:
- Prev by Date: Re: [Wireshark-users] Unexplained Netbios Traffic
- Next by Date: Re: [Wireshark-users] tshark showing null values in the generated pdml file
- Previous by thread: Re: [Wireshark-users] Script/Macro to set time reference?
- Next by thread: Re: [Wireshark-users] tshark showing null values in the generated pdml file
- Index(es):