I verified that the SVN version does have ICMP enabled. I loaded the capture file into Wireshark-SVN and both the Protocol and Info columns are blank. (I'm up to SVN-23155 at the moment.)
When I load the same capture file into Wireshark-0.99.6, the Protocol and Info columns are correctly populated. Hmm, so it's probably not a tshark specific problem after all, but more likely some sort of column problem? - Chris (I'll try another distclean and rebuild everything again, but I can't do it right now ... that'll probably have to wait until I get home.) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Morriss Sent: Friday, October 12, 2007 4:29 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] tshark: drop features "dump to stdout"and"readfilter" - conclusion Jeff Morriss wrote: > Maynard, Chris wrote: >> Anyway, I tried it and it seems to work better, although compared to the >> 0.99.6 version, the output differs given the same options. I would >> expect the output to be the same, no? >> >> Running "tshark.exe -p -i 4 -f icmp -c 4 -w - > tsharktest.cap": >> >> tshark-SVN-23133: >> "C:\wireshark-gtk2\tshark.exe" -r tsharktest.cap >> 1 0.000000 192.168.1.100 -> 192.168.1.1 74 >> 2 0.000272 192.168.1.1 -> 192.168.1.100 74 >> 3 1.002940 192.168.1.100 -> 192.168.1.1 74 >> 4 1.003186 192.168.1.1 -> 192.168.1.100 74 >> >> tshark-0.99.6: >> "C:\Program Files\Wireshark\tshark.exe" -r tsharktest.cap >> No log handling enabled - turning on stderr logging >> 1 0.000000 192.168.1.100 -> 192.168.1.1 74 ICMP Echo (ping) request >> 2 0.000305 192.168.1.1 -> 192.168.1.100 74 ICMP Echo (ping) reply >> 3 1.001864 192.168.1.100 -> 192.168.1.1 74 ICMP Echo (ping) request >> 4 1.002157 192.168.1.1 -> 192.168.1.100 74 ICMP Echo (ping) reply > > Hmmm, yeah. I'll see if I can get my Windows build going again though > IIRC I never could capture stuff with my own builds. Well it works fine for me... Not sure why your SVN version isn't dissecting the ICMP part. Does the file load in Wireshark? (Do you have the ICMP dissector disabled--only in the SVN version?) _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev ----------------------------------------- This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, retention, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. Also, email is susceptible to data corruption, interception, tampering, unauthorized amendment and viruses. We only send and receive emails on the basis that we are not liable for any such corruption, interception, tampering, amendment or viruses or any consequence thereof. _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
