Wireshark · Ethereal-dev: [Ethereal-dev] Re: -Tpdml segmentation fault

Ethereal-dev: [Ethereal-dev] Re: -Tpdml segmentation fault

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Sun, 17 Oct 2004 18:13:10 -0700

Michael Geisberger wrote:

With text format this works fine,
tethereal -T text -l -n -r\test\input -R "(gtp.message==0x10) and(frame.time)" -z proto,colinfo,ip,frame.time >>outputbut when I change the -T text to -T pdml, I get this segmentation error.


The same thing happens if you replace it with "-V".

The problem is that, if we're not generating the columns - which wedon't do in verbose mode ("-V") and which we don't do if we'regenerating PDML - taps such as the "proto,colinfo" tap that modify thecolumns won't work.

We'd need to have a way for a tap to specify that it requires that thecolumns be generated.


Note, however, that

tethereal -T pdml -l -n -r\test\input -R "(gtp.message==0x10) and(frame.time)" -z proto,colinfo,ip,frame.time >>output

probably wouldn't do what you want - the "proto,colinfo" tap modifiesthe columns in non-verbose text mode, it has *NO* effect whatsoever onXML output, so if you want to "filter certain values and save them inXML format", that won't do it.

There's no mechanism in Ethereal to selectively write out, in XMLformat, only selected fields of a packet.

Perhaps we should, instead, have a way for a tap to ask whether thecolumns will be generated and written, and have the "proto,colinfo" tapreport an error and exit if the user hasn't requested that the columnsbe generated, as the "colinfo" part of "proto,colinfo" indicates thatthe tap modifies the columns and is thus useless if the columns aren'tbeing written.

If somebody wants a way to have selected fields written out in PDMLformat (rather than actually writing out PDML, which is specified:


	http://analyzer.polito.it/30alpha/docs/dissectors/PDMLSpec.htm

to contain "all the most important information related to the protocolsand the fields that are contained into the packet (e.g. the protocols,all the field names and their values, and more)."), that might be auseful option - but it's not "-z proto,colinfo", which is intended forother purposes. It might well be a useful replacement for many (most?all?) uses of "-z proto,colinfo", but that's another matter.

Prev by Date: Re: [Ethereal-dev] Patch for AUTHORS-SHORT
Next by Date: [Ethereal-dev] G729
Previous by thread: Re: [Ethereal-dev] Patch for AUTHORS-SHORT
Next by thread: [Ethereal-dev] G729
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$