Jeff Morriss wrote:
>
> Bryant Eastham wrote:
> > I have a set of related plugins that work fine in wireshark proper,
> > but fail to work under tshark. They all worked fine as of ethereal
> > 10.13 (the last ethereal that I used).
> >
> > The base dissector watches for TCP/IP connections, parses off a
> > network layer and the protocol number of the nested protocol. It has
a
> > registered table for subdissectors. This plugin works fine in tshark
-
> > I get summary lines from that base dissector, and in verbose mode it
> > shows me the correct protocol numbers and packet lengths. However,
> > none of the sub-dissectors, that work fine in wireshark, appear to
run in tshark.
>
> Does it work in tshark if you use a display filter (even "-R frame")?
>
> If so, your dissector may be only calling the subdissectors when
'tree'
> is set (and 'tree' may always be set for you in wireshark because
you've got color filters set up > > or something like that).
Thanks for the suggestion.
No, that does not solve the problem. It works fine for the protocol name
of my first plugin, and it does tell me that my other protocol names are
"neither a field nor a protocol name.".
That allows me to focus on why those plugins load with wireshark, but
not with tshark, even executing in the same directory. I'll continue to
investigate.
Thanks again.
