
Wireshark-dev: Re: [Wireshark-dev] question about tshark output

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 3 Aug 2016 12:58:32 +0200
Hi, 

The absence of the value simply means the value is not there, which, given the field you requested, isn’t a surprise.

Try reshuffling the order of fields requested and see what happens.

Thanks,
Jaap

> On 03 Aug 2016, at 11:14, Martin Sehnoutka <msehnout@xxxxxxxxxx> wrote:
> 
> Hi,
> 
> I have a question about tshark output. Let's say that I have a capture
> like this:
> 
> $ tshark -r test.pcap | head --lines 5
>  1   0.000000   7.56.29.59 → 7.39.4.46    TCP 74 53996→80 [SYN] Seq=0
> Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2800540155 TSecr=0 WS=1024
>  2   0.000260    7.39.4.46 → 7.56.29.59   TCP 74 80→53996 [SYN, ACK]
> Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=3196888027
> TSecr=2800540155 WS=1024
>  3   0.000307   7.56.29.59 → 7.39.4.46    TCP 66 53996→80 [ACK] Seq=1
> Ack=1 Win=29696 Len=0 TSval=2800540156 TSecr=3196888027
>  4   0.000431   7.56.29.59 → 7.39.4.46    TCP 205 53996→80 [PSH, ACK]
> Seq=1 Ack=1 Win=29696 Len=139 TSval=2800540156 TSecr=3196888027
>  5   0.000712    7.39.4.46 → 7.56.29.59   TCP 66 80→53996 [ACK] Seq=1
> Ack=140 Win=16384 Len=0 TSval=3196888027 TSecr=2800540156
> 
> and I'd like to filter it with this setup:
> 
> $ tshark -r test.pcap -Tfields -e tcp.len -e frame.len -e data.len -E
> separator=, | head --lines=5
> 0,74,
> 0,74,
> 0,66,
> 139,205,139
> 0,66,
> 
> Now, tcp.len is displayed as 0, but data.len is empty. Is it by design?
> Does it mean "not applicable"?
> 
> Best regards,
> 
> -- 
> Martin Sehnoutka
> Associate Software Engineer
> Brno, Purkyňova 99
> RED HAT | TRIED. TESTED. TRUSTED.
>
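
The distinction discussed in this thread (an empty column means the field is not in the packet, while `0` is a real value), as an added example that is not part of the original messages. The helper names `parse_fields` and `summarize` are hypothetical, and the sample input is constructed from the five output lines quoted above.

```python
import csv
import io

# Constructed sample: the five output lines quoted in the message above, from
#   tshark -r test.pcap -Tfields -e tcp.len -e frame.len -e data.len -E separator=,
SAMPLE = "0,74,\n0,74,\n0,66,\n139,205,139\n0,66,\n"
FIELDS = ["tcp.len", "frame.len", "data.len"]  # must match the -e order used


def parse_fields(text, fields, sep=","):
    """Return one dict per packet; a field missing from the packet maps to None.

    An empty column means the field is not in the packet at all, which is not
    the same as a field that is present with value 0.
    Assumption: every requested field is numeric and occurs at most once.
    """
    rows = []
    for lineno, cols in enumerate(csv.reader(io.StringIO(text), delimiter=sep), 1):
        if not cols:  # skip blank lines
            continue
        if len(cols) != len(fields):
            raise ValueError(f"line {lineno}: expected {len(fields)} columns, got {len(cols)}")
        rows.append({f: (int(v) if v else None) for f, v in zip(fields, cols)})
    return rows


def summarize(rows):
    """Packet numbers (1-based) grouped by what data.len says about them."""
    out = {"data_absent": [], "data_present": [], "len_mismatch": []}
    for n, r in enumerate(rows, 1):
        if r["data.len"] is None:
            out["data_absent"].append(n)
        else:
            out["data_present"].append(n)
            if r["data.len"] != r["tcp.len"]:
                out["len_mismatch"].append(n)
    return out


if __name__ == "__main__":
    for n, row in enumerate(parse_fields(SAMPLE, FIELDS), 1):
        print(n, row)
    print(summarize(parse_fields(SAMPLE, FIELDS)))
```

Passing the field list in a different order, as suggested in the reply, only requires changing `FIELDS` to match the new `-e` order.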