|
---- I think my question is similar to the question
of Keith titled "Adding DSCP column in Wireshark 1.4.0rc1" ----
I'm using Tshark to read a PCAP file. It filters
the DNS queries that took longer than 1 second. This is the
command:
tshark -r inputfile.pcap -R "dns.time > 1"
-T fields -e dns.resp.name -e dns.qry.type
The part of dns.qry.type shows hex values instead
of readable results. This is an example:
faststone.org
0x0001
microsoft.com 0x001c
uucp1.xs4all.nl
0x0001
When I add the same value as a collumn it works
fine and displays either A or AAAA. Which is good.
Is there a way to force Tshark to do the
same?
Thanks,
Dave
----- Original Message -----
Sent: Wednesday, June 23, 2010 8:17
PM
Subject: [Wireshark-users] Adding DSCP
column in Wireshark 1.4.0rc1
I want to add a column for DSCP, but in
V1.4.0rc1, when I right click on the DSCP field and select "Apply as column",
it uses the filter ip.dsfield.dscp. However, this displays the verbose
DSCP value e.g. "Differentiated Services Codepoint: Expedited Forwarding
(0x2e)".
Is there a way to force the column to display
just the decimal value (46) of this field? I am sure that in 1.2.8 this filter
used as a column did display just the decimal value.
___________________________________________________________________________
Sent
via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:
http://www.wireshark.org/lists/wireshark-users
Unsubscribe:
https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
| 
