Hi Milan,
Which version are you using?
The latest versions have the option -E occurrence=f|l|a to print the first,
last or all occurences of each field.
$ tshark -r malta.pcap -R 'frame.number > 1005 && frame.number < 1015' -T
fields -e m3ua.protocol_data_opc -e m3ua.protocol_data_dpc -E occurrence=a
8455 6137
6137,6137,6137 8455,8455,8455
6137 8455
8455 6137
6137,6137 8455,8455
8455 6137
6137 8455
8455 6137
More information:
tshark -h
-E<fieldsoption>=<value> set options for output when -Tfields selected:
header=y|n switch headers on and off
separator=/t|/s|<char> select tab, space, printable character as separator
occurrence=f|l|a print first, last or all occurrences of each field
aggregator=,|/s|<char> select comma, space, printable character as aggregator
quote=d|s|n select double, single, no quotes for values
BTW
I'm using version TShark 1.5.0-SVN-34549 on Windows.
Best regards
Joke
On Thu, 21 Oct 2010 10:01:39 +0200 Milan STANCIC wrote:
>Hello
>
>Can somebody to help me ?
>
>I got some simple problem maybe you can help me...
>
>Exactly, I should extract m3ua/sccp/tcap/gsm_map/gsm_sms payloads from
>frame for purpose of collection of CDR's.. Problem is in case when you
>got in one frame more than one m3ua message, Tshark give us just one
>line, last one. please symptoms.
>
>---------------------
>root@milan-PC:/home/milan/Downloads# tshark -R 'frame.number == 1010' -e
>frame.number -e m3ua.protocol_data_opc -e m3ua.protocol_data_dpc -r
>malta.pcap -Tfields
>Running as user "root" and group "root". This could be dangerous.
>1010 6137 8455 ----//// it is just last m3ua message
>-----------------------------------------
>
>So, I have tried next:
>to use MATE: please see config file...
>
>wireshark -o "mate.config: m3ua_v04.mate" -r malta.pcap
>
>There is two MATE section but not each of wanted attributes.. please see
>mate_example.png and m3ua_v04.mate
>
>PLEASE HELP, HOW CAN I PROCESS IT.
>
>
>--
>Milan STANCIC
>
>System Administrator
>
>RoutoMessaging
>http://www.routomessaging.com
>GSMA Associate Member
>Tel +44 (0) 870 231 7777
>Fax + 44 (0) 870 231 7771
>
>
>
>This email contains Routo Telecommunications information, which may be privileged
>or confidential. It's meant only for the individual(s) or entity named above.
>If you're not the intended recipient, note that disclosing, copying, distributing
>or using this information is prohibited. If you've received this email in
>error, please let me know immediately on the email address above. Thank
you.
>
>
>
>Routo Telecommunications Limited Registration Number 04546322 having its
>principal place of business at 48 Charlotte Street, London, W1T 2NS, United
>Kingdom
>
>
>
>Internet communications cannot be guaranteed to be timely, secure, error
>or virus-free. The sender does not accept liability for any errors or omissions.
>
>
>
>We monitor our email system, and may record your emails.
>
>
>
>
>
>
>Bijlage: m3ua_v04.mate
>
>
>Bijlage: mate_example.png
>
>
>Bijlage: Screenshot.png
>
>
>Bijlage: malta.pcap
