On Fri, Jan 10, 2014 at 02:07:37PM +0100, Michal Labedzki wrote: > I have one more question: how tfshark works? > ./tshark -V -r file.elf # works ok > ./tfshark -V -r file.elf # does not work > > How to display dissector fields with tfshark? (in case I do not know > their names)
Similar behavior here: jmayer@egg:~> tfshark -r ./info.gif 947 -> UNKNOWN FTAP_ENCAP = 1234 jmayer@egg:~> tfshark -V -r ./info.gif TFShark 1.11.3 (SVN Rev 54677 from /trunk) Dump and analyze network traffic. See http://www.wireshark.org for more information. Copyright 1998-2014 Gerald Combs <[email protected]> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Usage: tfshark [options] ... Input file: -r <infile> set the filename to read from (no pipes or stdin!) Processing: -2 perform a two-pass analysis -R <read filter> packet Read filter in Wireshark display filter syntax -Y <display filter> packet displaY filter in Wireshark display filter syntax -d <layer_type>==<selector>,<decode_as_protocol> ... "Decode As", see the man page for details Example: tcp.port==8888,http [more help output deleted] default report="fields" use "-G ?" for more help jmayer@egg:~> tfshark -2 -V -r ./info.gif 947 -> UNKNOWN FTAP_ENCAP = 1234 jmayer@egg:~> Ciao Jörg -- Joerg Mayer <[email protected]> We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
