Thanks Chris!
I'll stick with the -T fields -e option and then decode the numerical value into the named interval, etc per the PTP specification and dissector.
I am writing in a script anyway, so this will be easy to map.
Thanks again,
Barry
--------------------------------------------
On Sun, 2/21/16, wireshark-users-request@xxxxxxxxxxxxx <wireshark-users-request@xxxxxxxxxxxxx> wrote:
Subject: Wireshark-users Digest, Vol 117, Issue 4
To: wireshark-users@xxxxxxxxxxxxx
Date: Sunday, February 21, 2016, 7:00 AM
Send Wireshark-users mailing list
submissions to
wireshark-users@xxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help'
to
wireshark-users-request@xxxxxxxxxxxxx
You can reach the person managing the list at
wireshark-users-owner@xxxxxxxxxxxxx
When replying, please edit your Subject line so it is more
specific
than "Re: Contents of Wireshark-users digest..."
Today's Topics:
1. PTP Protocol Fields (Barry
Constantine)
2. Re: PTP Protocol Fields (Christopher
Maynard)
----------------------------------------------------------------------
Message: 1
Date: Sat, 20 Feb 2016 16:04:01 +0000 (UTC)
From: Barry Constantine <barryconstant@xxxxxxxxx>
To: <wireshark-users@xxxxxxxxxxxxx>
Subject: [Wireshark-users] PTP Protocol Fields
Message-ID:
<848612689.234812.1455984241569.JavaMail.yahoo@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8
Hello,
I am trying to use tshark to export fields to a text file
for the PTP protocol.
I usually determine the correct field name by right clicking
in the UI and then determining the field name, in this
example, one would be:
ptp.v2.sig.tlv.logInterMessagePeriod.period
If I copy the value as a test it always shows "0", but
copying the Description, I get the readable value "period:
every 1 seconds"
Is there a way to get tshark to export the description
versus the value with the -e option?
Also, curious why the value differs from the description
field presented in the UI (value is always "0").
Thanks,
Barry
------------------------------
Message: 2
Date: Sat, 20 Feb 2016 17:01:51 +0000 (UTC)
From: Christopher Maynard <Christopher.Maynard@xxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] PTP Protocol Fields
Message-ID: <loom.20160220T173537-48@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii
Barry Constantine <barryconstant@...>
writes:
> Is there a way to get tshark to export the description
versus the value
with the -e option?
Not with the -e option, at least not that I'm aware
of. You might be able
to script something though? For example, if you *only*
wanted to see the
text for the ptp.v2.sig.tlv.logInterMessagePeriod.period
field, you should
be able to achieve this like so:
tshark -r ptp_file.pcap -Y
"ptp.v2.sig.tlv.logInterMessagePeriod.period"
-O ptp | grep "period:"
(Substitute "findstr" for "grep" if you're on Windows.)
> Also, curious why the value differs from the
description field presented
in the UI (value is always "0").
This is because the value gives you the raw data, which is
0, whereas
Wireshark is showing you the calculated/interpreted value,
which is 2^value,
or in this case, 2^0=1. (See: https://goo.gl/hMd3lC)
- Chris
------------------------------
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users
End of Wireshark-users Digest, Vol 117, Issue 4
***********************************************
