Wireshark-users: [Wireshark-users] A question about display fields
From: "Scott Sheppard" <scott.sheppard@xxxxxxxxxxxxxxxxx>
Date: Thu, 6 Sep 2007 13:09:36 -0000
Hello,

I am doing a study where I need to look at sequence numbers and VLAN tags. I can see this in the user interface of WS without any problem. I would, however, like to export the packets to a CSV file for use with Excel or as fodder for a parsing script. Again, I can do this. However, the exported data is just what is seen in the summary field, and I am interested in listing all the fields from a Frame, Ethernet, IP header etc. I do not need the payload bytes. Can this be accomplished?

Thank you.

Scott Sheppard

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of wireshark-users-request@xxxxxxxxxxxxx
Sent: Thursday, September 06, 2007 02:34
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 16, Issue 6

Send Wireshark-users mailing list submissions to
    wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
    http://www.wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
    wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
    wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific than "Re: Contents of Wireshark-users digest..."

Today's Topics:

   1. Re: Increase Length of Description Fields (Chris Alton)
   2. Re: Unable to compile static build of TShark on Fedora 7 (Barry Gould)
   3. NCP Protocol Info field (Gerry McCafferty)
   4. Re: Unable to compile static build of TShark on Fedora 7 (Stephen Fisher)
   5. 3GPP2 A11 parsing error (Horyong Choi)

----------------------------------------------------------------------

Message: 1
Date: Wed, 5 Sep 2007 07:14:39 -0700
From: Chris Alton <calton@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Increase Length of Description Fields
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <EFDFD607A62EFB47A9DC83256466CC18237F643F58@xxxxxxxxxxxxxxxxxxxxxxxxxx.microsoft.com>
Content-Type: text/plain; charset="utf-8"

Any of the database protocols. TNS, TDS etc. Mainly trying to get the queries being executed. A lot of the time these queries can be quite large.

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen Fisher
Sent: Tuesday, September 04, 2007 4:01 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Increase Length of Description Fields

On Tue, Sep 04, 2007 at 10:30:37AM -0700, Chris Alton wrote:

> Is there any way to increase the size of the display fields in the
> dissected packet info section?
>
> There are a few instances where the info gets truncated and the only
> way to get it out of the packet is to use the packet bytes and
> reassemble it manually.

There is no way to widen those fields at this time. Out of curiosity, which protocol's traffic is giving you such long fields?

Steve
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

------------------------------

Message: 2
Date: Wed, 05 Sep 2007 15:12:52 -0700
From: Barry Gould <mailinglists@xxxxxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Unable to compile static build of TShark on Fedora 7
To: <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <200709052214.l85ME8TJ007320@xxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 05:45 PM 9/4/2007, Guy Harris wrote:
>If so, you will have to configure with --without-plugins.

OK, I tried
    ./configure --enable-wireshark=no --enable-static=yes --without-plugins
and still got a -lgmodule-2.0 error

so I tried
    ./configure --enable-wireshark=no --enable-static=yes --without-plugins --disable-gmodule
and still got a -lgmodule-2.0 error

and if I do this:
    $ ./configure --enable-wireshark=no --without-krb5 --without-ssl --disable-text2pcap --enable-dftest=no --enable-randpct=no --enable-ipv6=no --enable-threads=no --without-portaudio --disable-gtk2 --without-lua --enable-dftest=no --enable-static=yes --with-net-snmp=no --with-ucd-snmp=no --without-adns --disable-gtkplus --disable-gmodule --disable-shared --disable-dependency-tracking --without-plugins

I get some other errors (below)

The Wireshark package has been configured with the following options.
                    Build wireshark : no
                       Build tshark : yes
                     Build capinfos : yes
                      Build editcap : yes
                      Build dumpcap : yes
                     Build mergecap : yes
                    Build text2pcap : no
                      Build idl2wrs : yes
                      Build randpkt : yes
                       Build dftest : no

                     Install setuid : no
                        Use plugins : no
                   Build lua plugin : no
                   Build rtp_player : no
                Use GTK+ v2 library : no
                   Use pcap library : yes
                   Use zlib library : yes
                   Use pcre library : no
               Use kerberos library : no
               Use GNU ADNS library : no
             Use GNU crypto library : no
             Use SSL crypto library : no
           Use IPv6 name resolution : no
               Use Net-SNMP library : no
                 Use gnutls library : no

$ make -j2
...
make[3]: Entering directory `/usr/src/wireshark-0.99.6/wiretap'
/bin/sh ./libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/include -I/usr/local/include -Werror -D_U_="__attribute__((unused))" -g -O2 -Wall -W -Wdeclaration-after-statement -Wendif-labels -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wwrite-strings -Wstrict-prototypes -Wmissing-declarations -Wno-pointer-sign -Wcast-align -I/usr/include/glib-1.2 -I/usr/lib/glib/include -I/usr/local/include -I/usr/local/include -c -o libwiretap_la-erf.lo `test -f 'erf.c' || echo './'`erf.c
gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/include -I/usr/local/include -Werror "-D_U_=__attribute__((unused))" -g -O2 -Wall -W -Wdeclaration-after-statement -Wendif-labels -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wwrite-strings -Wstrict-prototypes -Wmissing-declarations -Wno-pointer-sign -Wcast-align -I/usr/include/glib-1.2 -I/usr/lib/glib/include -I/usr/local/include -I/usr/local/include -c erf.c -o libwiretap_la-erf.o
cc1: warnings being treated as errors
erf.c: In function 'erf_open':
erf.c:152: warning: const qualifier ignored on asm
erf.c:211: warning: const qualifier ignored on asm
erf.c:215: warning: const qualifier ignored on asm
erf.c: In function 'erf_read_header':
erf.c:364: warning: const qualifier ignored on asm
erf.c:408: warning: const qualifier ignored on asm
erf.c:443: warning: const qualifier ignored on asm
erf.c:458: warning: const qualifier ignored on asm
erf.c:458: warning: const qualifier ignored on asm
erf.c:458: warning: const qualifier ignored on asm
erf.c:458: warning: const qualifier ignored on asm
erf.c:459: warning: const qualifier ignored on asm
erf.c:468: warning: const qualifier ignored on asm
erf.c:468: warning: const qualifier ignored on asm
erf.c:468: warning: const qualifier ignored on asm
erf.c:468: warning: const qualifier ignored on asm
erf.c:469: warning: const qualifier ignored on asm
erf.c:478: warning: const qualifier ignored on asm
erf.c:478: warning: const qualifier ignored on asm
erf.c:478: warning: const qualifier ignored on asm
erf.c:478: warning: const qualifier ignored on asm
erf.c:479: warning: const qualifier ignored on asm
make[3]: *** [libwiretap_la-erf.lo] Error 1
make[3]: Leaving directory `/usr/src/wireshark-0.99.6/wiretap'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/src/wireshark-0.99.6/wiretap'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/wireshark-0.99.6'
make: *** [all] Error 2

Thanks,
Barry

------------------------------

Message: 3
Date: Thu, 6 Sep 2007 10:42:36 +1000
From: Gerry McCafferty <gmccaff@xxxxxxxxxxx>
Subject: [Wireshark-users] NCP Protocol Info field
To: wireshark-users@xxxxxxxxxxxxx
Message-ID: <OFC2BD3102.02480A10-ONCA25734E.0002004B-CA25734E.0003E79F@xxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

Quick question about the Info fields of ncp.ndsverb == 0x1 fields (NDS Resolve Name) in Wireshark 0.99.6a in Windows XP.

If it is a servername, then for some reason the fully qualified name (e.g. \T=TREE\O=OU\CN=SERVER) is appended with a string similar to

?\?wp ?w???????wj?0g

then after that there are another 5 characters that differ with each packet, but at least one is a double-byte ASCII character of a square with four 0 in it (like when you try and display Chinese characters without the correct fonts).

I know that this is cosmetic, but this didn't appear in Ethereal 0.99.0 loaded on the same machine from my memory.

Any idea why this is happening?

Regards,

Gerry McCafferty
Server Support
IBM Global Services A/NZ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20070906/b3647849/attachment.htm

------------------------------

Message: 4
Date: Wed, 5 Sep 2007 20:09:12 -0600
From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Subject: Re: [Wireshark-users] Unable to compile static build of TShark on Fedora 7
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <20070906020912.GC3645@shadow.local>
Content-Type: text/plain; charset=us-ascii

On Wed, Sep 05, 2007 at 03:12:52PM -0700, Barry Gould wrote:

> and if I do this:
> --disable-gtk2
> $ make -j2
> cc1: warnings being treated as errors
> erf.c: In function 'erf_open':
> erf.c:152: warning: const qualifier ignored on asm

Disabling GTK2 disables GLIB v2 as well. On some systems, including my MacOS X machine, GLIB1 is causing the warnings above. This was recently discussed on the (-dev?) mailing list, but I don't remember the specifics. Removing --disable-gtk2 should work around this problem (or add --disable-warnings-as-errors to the configure script).

Steve

------------------------------

Message: 5
Date: Thu, 6 Sep 2007 11:33:48 +0900
From: "Horyong Choi" <garuta@xxxxxxxxxxxxxxxxxx>
Subject: [Wireshark-users] 3GPP2 A11 parsing error
To: <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <000f01c7f02e$5b2f5920$0310fd0a@garuta>
Content-Type: text/plain; charset="utf-8"

As you can see in Table 4.2.13-3 of 3GPP2 A.S0009-B v1.0 HRPD IOS-B, A11 RRQ-CVSE-Active Start Airlink Record-Subtype 108 is expressed as Subnet.

But Wireshark shows it as Unknown 3GPP2 Attribute (Type:26, SubType:108).

See the picture below.

Can I see the correct information in the next version?

Best Regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20070906/d366e57c/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 31230 bytes
Desc: not available
Url : http://www.wireshark.org/lists/wireshark-users/attachments/20070906/d366e57c/attachment.jpeg

------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

End of Wireshark-users Digest, Vol 16, Issue 6
**********************************************