ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 1564] New: PSML - structure context node missing

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Wed, 25 Apr 2007 00:55:44 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1564

           Summary: PSML - structure context node missing
           Product: Wireshark
           Version: 0.99.5
          Platform: All
               URL: http://www.networksecuritytoolkit.org
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: rwhalb@xxxxxxxxxxxx


Build Information:
[root@probe-biostar wireshark]# tshark -v
TShark 0.99.5

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.10.3, with libpcap 0.9.4, with libz 1.2.3, with libpcre
6.3, with Net-SNMP 5.3, with ADNS, without Lua, with GnuTLS 1.2.10, with Gcrypt
1.2.2, with MIT Kerberos.

Running on Linux 2.6.18-1.2257.fc5smp, with libpcap version 0.9.4.

Built using gcc 4.1.1 20070105 (Red Hat 4.1.1-51).

--
When generating PSML output the "structure" context node is missing if a
display filter is used that causes the 1st packet in the capture not to be
displayed:

Example 1: (PSML with "structure" context node) display filter allows the first
packet to be displayed:

tshark -T psml -R 'frame.number >= 1 && frame.number <= 2' -r /tmp/capture.cap;

−<psml version="0" creator="wireshark/0.99.5">
 −<structure>
    <section>No.</section>
    <section>Time</section>
    <section>Source</section>
    <section>Destination</section>
    <section>Protocol</section>
    <section>Info</section>
  </structure>
 −<packet>
    <section>1</section>
    <section>0.000000</section>
    <section>Cisco_53:3c:01</section>
    <section>Broadcast</section>
    <section>ARP</section>
    <section>Who has 72.226.67.93?  Tell 72.226.64.1</section>
  </packet>
 −<packet>
    <section>2</section>
    <section>0.083947</section>
    <section>Cisco_53:3c:01</section>
    <section>Broadcast</section>
    <section>ARP</section>
    <section>Who has 72.226.64.232?  Tell 72.226.64.1</section>
  </packet>
</psml>


Example 2: (PSML without "structure" context node) display filter does not
allow the first packet to be displayed:

tshark -T psml -R 'frame.number >= 2 && frame.number <= 2' -r /tmp/capture.cap;

−<psml version="0" creator="wireshark/0.99.5">
 −<packet>
    <section>2</section>
    <section>0.083947</section>
    <section>Cisco_53:3c:01</section>
    <section>Broadcast</section>
    <section>ARP</section>
    <section>Who has 72.226.64.232?  Tell 72.226.64.1</section>
  </packet>
</psml>


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube