ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] tshark summary lines

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Christopher Maynard <Christopher.Maynard@xxxxxxxxx>
Date: Tue, 2 Oct 2012 17:57:43 +0000 (UTC)
 <mmann78@...> writes:

> -----Original Message-----
> 
> From: Ed Beroset <beroset@xxxxxxxxxxxxxx>
> 
> To: Developer support list for Wireshark
<wireshark-dev@xxxxxxxxxxxxx>
> 
> Sent: Tue, Oct 2, 2012 11:25 am
> 
> Subject: [Wireshark-dev] tshark summary lines
> 
> Someone has asked a question on the wiki
>
http://ask.wireshark.org/questions/14581/how-to-use-tshark-to-output-a-tcpdump-
into-text-formatted-file
> 
> Which asks if tshark can emit both the summary lines AND the details 
> from -V.  There is currently no way to do that, but it seemed to me like 
> a reasonable question.  Should it be added?
> 
> If so, I was thinking the combination of -V -P might be a reasonable way 
> to do that.  What say you all?

> Isn't this bug 2892?  (https://bugs.wireshark.org/bugzilla
/show_bug.cgi?id=2892)
> 
> Or 4314? (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4314)

They are all different:
For bug 2892, if you use -T fields, there's no way to have the info column
information also displayed.  Support would have to be added to be able to
specify something like e.g., "-e col.info"

For bug 4314, I interpreted this as the user performing the following steps in
Wireshark: File -> Print -> Output to file: wireshark.out, but then
wireshark.out cut off the long Info column unless a custom column was added. 
But now I just tried that and it seemed to work fine, but I don't know how long
the info line must be for this to occur.  So either this bug is already fixed
or more information is needed in order to be able to reproduce it.  (I thought
*maybe* this was the same as bug 7543, but adding a custom column matter for
bug 7543, so I don't think they're the same either.)

So this new one from ask that Ed mentioned here is about printing both the
entire summary line, which you get with -P, as well as the packet details,
which you get with -V.  Currently if you specify both -P and -V, you get the 
packets details only, but no summary line.  I'd say this is a reasonable 
request and that this should probably also work with -O <protocols> as well 
(any others?).  But best to file an enhancement bug report for it.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube