I too was just looking for this feature today. I thought that I stumbled upon it with "-O". However, that doesn't *only* print detailed information for the specific protocol. It also prints the summary lines for other protocols. Maybe that's a jumping off point?
Thanks, Rick On Tue, Aug 7, 2012 at 3:48 PM, Christopher Maynard < [email protected]> wrote: > Joerg Mayer <jmayer@...> writes: > > > I'm looking for a way to access the payload of a protocol in tshark and > > haven't found one. > > I was recently trying to do something similar for one of our older > protocols > that nobody had yet written a dissector for, but I was unable to come up > with a > solution. For me, it would have been good enough if something like "-e > data.data[n:m]" or "-e frame[n:m]" worked, but unfortunately neither of > them do. > > I ended up having to write a basic enough dissector to get at least some > of the > data of interest out of it quickly. > > > What I'd like to use with the -e option is something like > "<protocol>.payload" > > for protocols that have a payload that is not dissected via the protocol > dissector. > > This element could be a hidden field. > > The output could be either text, hex or raw(binary), depending on a -E > > parameter (or maybe a new option), see the -z follow feature. > > > > Is this already possible and I just missed it? > > I am unaware of such a feature ... but maybe I missed it too. > > > If not, does this feature sound reasonable? > > Yes! +1 > > - Chris > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe > -- Rick
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
