Wireshark-dev: Re: [Wireshark-dev] Various problems with tshark
From: Joerg Mayer <[email protected]>
Date: Mon, 31 Aug 2015 21:07:05 +0200
Hello Pascal,

thanks for the quick response - solved my immediate problem ;-)

On Mon, Aug 31, 2015 at 08:17:44AM +0200, Pascal Quantin wrote:
> 2015-08-31 5:34 GMT+02:00 Joerg Mayer <[email protected]>:
> > When using tshark from head I have a bunch of problems right now:
> >
> > 1) stderr is getting spammed with
> > (process:9870): Capture-WARNING **: Dissector stp incomplete in frame
> > 41915: undecoded byte number 57 (0x0030+9)
> >
> You seem to have activated the prefs.enable_incomplete_dissectors_check.
> Simply go to Preferences -> Protocols and uncheck "Look for incomplete
> dissectors".

Yes, I do, but I really expected that to be (similar to) expert items, not
some "spam" taht (optically) interfers with the normal output of tshark.

> > 2) -T fields -e _ws.col.info isn't working (empty column), both with and
> > without -V

> The right field name is _ws.col.Info

Sigh. Is _ws.* documented in one of the manpages? I couldn't find it. And the
only mention I could find (the tshark manpage) used a small 'i'.
Could we plese agree to either *always* use small letters or to make the
filter names case insensitive? Also:
$ tshark -T fields -e asdf
** (process:13516): WARNING **: 'asdf' isn't a valid field!
tshark: Some fields aren't valid
$ tshark -T fields -e _ws.col.info
Capturing on 'Wi-Fi'
21 packets captured
[email protected]:~/firmatmp/salalah/WIP/tests/radius$ tshark -T fields -e _ws.col.asdf
Capturing on 'Wi-Fi'
Should we try for a bit more consistency here?

Thanks again

Joerg Mayer                                           <[email protected]>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.