ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-dev: RE: [Ethereal-dev] tethereal -G reports duplicated fields

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Biot Olivier <Olivier.Biot@xxxxxxxxxxx>
Date: Fri, 18 Jun 2004 14:48:36 +0200
Boa tarde,

Ethereal explicitly allows this type of behavior. It is sometimes useful to
filter on "foo.bar" where it is being defined in more than one protocol.
Additionally, one can define a protocol field "foo.bar" several times within
the same protocol, as it may appear in different formats (E.g., 8 bit, 16
bit, text string). This way one could match all fields, irrespective of the
way the field was encoded. Within Ethereal, the protocol dissection code
would of course refer to different handles for the different formats (E.g.,
hf_foo_bar_8bit, hf_foo_bar_16bit, hf_foo_bar_text_string), but for the
end-user, the display filter "foo.bar" will then match whenever a field
registered as "foo.bar" appears in a packet, irrespective of its format.

Hope this helps!

Regards,

Olivier

-----Original Message-----
From: Carlos Bauer


Hi,


When someone runs tethereal -G it outputs a list of protocols supported
by ethereal and its fields.

I discovered tethereal is reporting duplicated fields. In some cases,
diferent protocols like fldb and dce_dfs have some fields with the
same PROTOABBREV.FIELDABBREV. In other cases, a field of a protocol
is reported twice, each instance having some diferences in "FIELDNAME",
"FIELDTYPE" or "FIELDDESCR". Sometimes it's  just a case difference.

Here is the list of the fields reported twice:

IP Data                      FT_UINT8    fldb
afsNetAddr.data
IP Data                      FT_UINT8    dce_dfs
afsNetAddr.data

Type                         FT_UINT16   dce_dfs
afsNetAddr.type
Type                         FT_UINT16   fldb
afsNetAddr.type

BandwidthDetails             FT_NONE     h225      BandwidthDetails sequence
h225.BandwidthDetails
bandwidthDetails             FT_NONE     h225      bandwidthDetails sequence
of                         h225.BandwidthDetails

destinationInfo              FT_NONE     h225      destinationInfo sequence
h225.destinationInfo
DestinationInfo              FT_NONE     h225      DestinationInfo sequence
of                          h225.destinationInfo

genericData                  FT_NONE     h225      genericData sequence of
h225.genericData
GenericData                  FT_NONE     h225      GenericData sequence
h225.genericData

remoteExtensionAddress       FT_NONE     h225      remoteExtensionAddress
sequence of                   h225.remoteExtensionAddress
RemoteExtensionAddress       FT_UINT32   h225      RemoteExtensionAddress
choice                        h225.remoteExtensionAddress

sourceInfo                   FT_NONE     h225      sourceInfo sequence
h225.sourceInfo
SourceInfo                   FT_NONE     h225      SourceInfo sequence of
h225.sourceInfo

SupportedProtocols           FT_UINT32   h225      SupportedProtocols choice
h225.SupportedProtocols
supportedProtocols           FT_NONE     h225      supportedProtocols
sequence of                       h225.SupportedProtocols

CustomPictureClockFrequency  FT_NONE     h245
CustomPictureClockFrequency sequence
h245.customPictureClockFrequency
customPictureClockFrequency  FT_NONE     h245
customPictureClockFrequency set of
h245.customPictureClockFrequency

CustomPictureFormat          FT_NONE     h245      CustomPictureFormat
sequence                         h245.customPictureFormat
customPictureFormat          FT_NONE     h245      customPictureFormat set
of                           h245.customPictureFormat

PixelAspectCode              FT_UINT32   h245      PixelAspectCode
h245.PixelAspectCode   
pixelAspectCode              FT_NONE     h245      pixelAspectCode set of
h245.PixelAspectCode

o                            FT_BOOLEAN  iscsi     Bi-directional read
residual overflow                iscsi.scsiresponse.o
O                            FT_BOOLEAN  iscsi     Residual overflow
iscsi.scsiresponse.o

U                            FT_BOOLEAN  iscsi     Residual underflow
iscsi.scsiresponse.u
u                            FT_BOOLEAN  iscsi     Bi-directional read
residual underflow               iscsi.scsiresponse.u

Authenticator                FT_NONE     kerberos  Encrypted authenticator
blob                         kerberos.Authenticator
Authenticator                FT_NONE     kerberos  This is a decrypted
Kerberos Authenticator sequence  kerberos.Authenticator

enc PRIV                     FT_BYTES    kerberos  Encrypted PRIV blob
kerberos.ENC_PRIV    
Encrypted PRIV               FT_NONE     kerberos  Kerberos Encrypted
PRIVate blob data                 kerberos.ENC_PRI

---------------

tethereal info:

This is GNU tethereal 0.10.4

Compiled with GLib 2.2.3, with WinPcap (version unknown), with libz 1.2.1,
with libpcre 4.4, with Net-SNMP 5.1, with ADNS. Running with

WinPcap version 3.1 beta3 (packet.dll version 3, 1, 0, 23), based on
libpcap version 0.8.1 on Windows XP Service Pack 1, build 2600.

*---

Regards,

Carlos Henrique Bauer
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube