Wireshark-users: Re: [Wireshark-users] PTP Protocol Fields
From: Christopher Maynard <Christopher.Maynard@xxxxxxx>
Date: Sat, 20 Feb 2016 17:01:51 +0000 (UTC)
Barry Constantine <barryconstant@...> writes:

> Is there a way to get tshark to export the description versus the value
> with the -e option?

Not with the -e option, at least not that I'm aware of.  You might be able
to script something though?  For example, if you *only* wanted to see the
text for the ptp.v2.sig.tlv.logInterMessagePeriod.period field, you should
be able to achieve this like so:

    tshark -r ptp_file.pcap -Y "ptp.v2.sig.tlv.logInterMessagePeriod.period" -O ptp | grep "period:"

(Substitute "findstr" for "grep" if you're on Windows.)

> Also, curious why the value differs from the description field presented
> in the UI (value is always "0").

This is because the value gives you the raw data, which is 0, whereas
Wireshark is showing you the calculated/interpreted value, which is 2^value,
or in this case, 2^0=1.  (See: https://goo.gl/hMd3lC)

- Chris
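
An added example, not part of the original post: a shell filter that takes the raw values printed by `-T fields -e` and appends the interpreted period (2^value seconds) described above. The function names and the sample input are constructed for illustration; it assumes the field prints as a signed decimal integer and that multiple occurrences in one frame are comma-separated (tshark's default for `-T fields`).

```shell
#!/bin/sh
# Expected input is tab-separated "frame number <TAB> raw value(s)", e.g. from:
#   tshark -r ptp_file.pcap -Y "ptp.v2.sig.tlv.logInterMessagePeriod.period" \
#       -T fields -e frame.number -e ptp.v2.sig.tlv.logInterMessagePeriod.period

# Hypothetical helper: append the interpreted period to each raw value.
ptp_period_seconds() {
    awk -F '\t' '
    {
        # A frame carrying several TLVs yields comma-separated occurrences.
        n = split($2, raw, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            if (raw[i] ~ /^-?[0-9]+$/)
                val = sprintf("%gs", 2 ^ raw[i])   # raw is log2 of the period
            else
                val = "?"                          # unexpected, leave unresolved
            out = out (i > 1 ? "," : "") raw[i] "=" val
        }
        if (n == 0)
            out = "-"                              # field absent in this frame
        print $1 "\t" out
    }'
}

# Constructed sample input (not taken from a real capture).
sample_fields() {
    printf '12\t0\n'
    printf '15\t-3\n'
    printf '21\t1,-4\n'
    printf '30\t\n'
}

sample_fields | ptp_period_seconds
```
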