Wireshark-users: Re: [Wireshark-users] Packet List Display
From: Sake Blok <sake@xxxxxxxxxx>
Date: Wed, 21 May 2008 20:19:32 +0200
On Wed, May 21, 2008 at 05:16:47PM +0200, Sake Blok wrote:
> On Wed, May 21, 2008 at 09:16:36AM -0400, Tony Fortunato wrote:
> > 
> > - I wanted to see (and ideally export) the Packet List with the IP info as
> > the displayed protocol, even if Wireshark can decode the higher protocols.
> 
> If I understand you correctly you want the Info column to display the
> values as if IP was the last layer that was dissected by Wireshark?
> 
> I thought that would be possible to achieve by disabling all protocols
> and then enabling only Ethernet and IP. But unfortunately the IP
> dissector then just displays: "TCP (0x06)". 

Hmmm... I looked at epan/dissectors/packet-ip.c and it shows that only
exceptions are put into the "Info Column". This makes sense as IP will
never be the last protocol, there will always be a protocol on top of 
it. If it doesn't know that protocol, it will just show "<name> (<proto-id>)".

> When I disable the HTTP dissector, the Info Column will indeed show
> the TCP info like there was no upper layer present.
> 
> Do you want the IP dissector to behave in the same manner? 
> (ie showing IP details in the Info Column when the upper layer
> protocol dissectors are disabled)

What info do you want exactly? I think you can use tshark to accomplish
your goal. Let's have a try..

$ tshark -r trees.cap -T fields -e frame.number -e frame.time_relative -e ip.src -e ip.dst -e ip.len -e ip.id -e ip.ttl -e ip.proto -e ip.checksum -E header=y
 frame.number    frame.time_relative     ip.src  ip.dst  ip.len  ip.id   ip.ttl  ip.proto        ip.checksum
 1       0.000000000     213.84.244.33   213.206.125.36  40      0xfed7  120     0x06    0xe78e
 2       0.037319000     213.206.99.118  213.206.125.35  128     0x2ed6  59      0x32    0xc43f
 3       1.018455000     213.206.125.36  213.84.244.33   136     0xa817  63      0x06    0x76ef
 4       1.231212000     213.84.244.33   213.206.125.36  40      0xfed8  120     0x06    0xe78d
 5       2.820017000     213.84.244.33   213.206.125.36  88      0xfed9  120     0x06    0xe75c
 6       2.854071000     213.206.125.36  213.84.244.33   40      0xa818  63      0x06    0x774e
 7       2.968476000     213.84.244.33   213.206.125.36  88      0xfeda  120     0x06    0xe75b
 8       2.969336000     213.206.125.36  213.84.244.33   40      0xa819  63      0x06    0x774d
 9       2.971973000     213.206.125.36  213.84.244.33   344     0xa81a  63      0x06    0x761c

Does something like that fit your needs?

Cheers,
    Sake