Wireshark · Wireshark-dev: [Wireshark-dev] Some fields output nothing, when using tshark with -T fields

Wireshark-dev: [Wireshark-dev] Some fields output nothing, when using tshark with -T fields

Date: Thu, 17 Jan 2008 16:19:52 +0100

Hello

Some fields output nothing, when tshark is used with the -T fields
option, for example tcp.analysis.retransmission [1] I first thought
that this is because it's type is 'None', then I saw that this is also
the case for other fields, like tcp.analysis.duplicate_ack_num.

I had a look at the code, especially the file
epan/dissectors/packet-tcp.c, but I could not figure out where it sets
the value, which is used in the field later. I think it should be
possible to patch wireshark, so it output something useful for the
fields I need. Please tell me which variables/structures are used for
that.

Regards Nils

[1] http://www.wireshark.org/docs/dfref/t/tcp.html

Follow-Ups:
- Re: [Wireshark-dev] Some fields output nothing, when using tshark with -T fields
  - From: Sake Blok

Prev by Date: [Wireshark-dev] Unistim Protocol decoder
Next by Date: Re: [Wireshark-dev] capinfos library issue when run from build dir (Unix)
Previous by thread: [Wireshark-dev] Unistim Protocol decoder
Next by thread: Re: [Wireshark-dev] Some fields output nothing, when using tshark with -T fields
Index(es):
- Date
- Thread