Also as an interim measure, you may want to make use of the PDML
output instead (which will show all fields). This will require
separate parsing of course to be useful.
Regards, Martin
MartinVisser99@xxxxxxxxx
On 6 January 2011 10:05, Sake Blok <sake@xxxxxxxxxx> wrote:
>
> On 5 jan 2011, at 21:51, eymanm wrote:
>
> I have a protocol that contains the same fields, let's name them A, in a
> single frame. Let's also assume that there are three As in a single frame.
> When using tshark with -V all the As are displayed properly. When using -e,
> only the last A is displayed. Can somebody suggest how to display the first
> and the second As with -e?
>
> I implemented the ability to select the first, last or all occurrences of a
> field with tshark a while ago. It's not yet in 1.4.x, so you will have to
> use an automated build or wait for 1.5.0.
> From 'tshark -h':
> -e <field> field to print if -Tfields selected (e.g.
> tcp.port);
> this option can be repeated to print multiple
> fields
> -E<fieldsoption>=<value> set options for output when -Tfields selected:
> header=y|n switch headers on and off
> separator=/t|/s|<char> select tab, space, printable character as
> separator
> occurrence=f|l|a print first, last or all occurrences of each
> field
> aggregator=,|/s|<char> select comma, space, printable character as
> aggregator
> quote=d|s|n select double, single, no quotes for values
> Cheers,
>
> Sake
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
