Wireshark-dev: Re: [Wireshark-dev] Various problems with tshark
From: Pascal Quantin <[email protected]>
Date: Mon, 31 Aug 2015 21:47:11 +0200

2015-08-31 21:07 GMT+02:00 Joerg Mayer <[email protected]>:
Hello Pascal,

thanks for the quick response - solved my immediate problem ;-)

On Mon, Aug 31, 2015 at 08:17:44AM +0200, Pascal Quantin wrote:
> 2015-08-31 5:34 GMT+02:00 Joerg Mayer <[email protected]>:
> > When using tshark from head I have a bunch of problems right now:
> >
> > 1) stderr is getting spammed with
> > (process:9870): Capture-WARNING **: Dissector stp incomplete in frame
> > 41915: undecoded byte number 57 (0x0030+9)
> >
> You seem to have activated the prefs.enable_incomplete_dissectors_check.
> Simply go to Preferences -> Protocols and uncheck "Look for incomplete
> dissectors".

Yes, I do, but I really expected that to be (similar to) expert items, not
some "spam" taht (optically) interfers with the normal output of tshark.

My understanding is that it is not intended to be activated by default, but only in "development mode" (at least according to the comments in the Gerrit patch if I remember correctly).

> > 2) -T fields -e _ws.col.info isn't working (empty column), both with and
> > without -V

> The right field name is _ws.col.Info

Sigh. Is _ws.* documented in one of the manpages? I couldn't find it. And the
only mention I could find (the tshark manpage) used a small 'i'.

tshark.pod needs to be fixed, but tshark -h gives you _ws.col.Info.

Could we plese agree to either *always* use small letters or to make the
filter names case insensitive? Also:
$ tshark -T fields -e asdf
** (process:13516): WARNING **: 'asdf' isn't a valid field!
tshark: Some fields aren't valid
$ tshark -T fields -e _ws.col.info
Capturing on 'Wi-Fi'
21 packets captured
[email protected]:~/firmatmp/salalah/WIP/tests/radius$ tshark -T fields -e _ws.col.asdf
Capturing on 'Wi-Fi'
Should we try for a bit more consistency here?

Right now it's the column title as you configured it. Maybe it should be made case insensitive, but there is a real logic (and not inconsistency). I do not ceck this code part and whether _ws.col.XXX could (should?) trigger an error if the syntax is wrong.


Thanks again

Joerg Mayer                                           <[email protected]>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe