Hi, 2014-02-13 8:43 GMT+01:00 Tulika Bose <[email protected]>:
> Hi > Thanx a lot.I used the 'Decode as' option,and the DTLS header is getting > parsed correctly.But it caused an issue,that for some some of the DTLS > packets,the pprotocol field showed DTLSv1,while the other packets showed it > as DTLS,although all the packets are of the same version.Is there any > particular reason for such a difference in version. > Secondly,I would like to get the packet displayed with the header > information,through command line using tshark,and redirect the output to a > text file.But when the filter string used is 'dtls',the file conatains no > entries.On the other hand,when the filter string used with the same command > is 'coap',packets get displayed,but then again the DTLS header is parsed as > CoAP.I would like to get DTLS packets decoded as DTLS through command > line.I am using version 10.4.Is there any other approach to do the same > using the same version,or I need to update it? > tshark -d option is your friend. See http://www.wireshark.org/docs/man-pages/tshark.html for details. Pascal. > > -----Hauke Mehrtens <[email protected]> wrote: ----- > To: Developer support list for Wireshark <[email protected]>, > [email protected] > From: Hauke Mehrtens <[email protected]> > Date: 02/12/2014 06:02PM > Subject: Re: [Wireshark-dev] Unable to recognise DTLS packets > > > On 02/12/2014 01:02 PM, Tulika Bose wrote: > > Dear All, > > I have come across a problem with the display filter of dtls.The > > version I am using is 1.10.4.I have some DTLS packets,where DTLS is used > > over CoAP,and they have been captured in a .pcapng file. But when I > > filter the packets using the string 'dtls',no packets get displayed.On > > the other hand,when the filter string used is 'coap' or 'udp', packets > > get displayed,because DTLS is using the same port as coap which is > > 5683.But the problem is that the wireshark cannot recognise the DTLS > > header,it parses the same as the CoAP header,although these are actually > > dtls packets.It would be very kind of you,if you help me with the issue. > > > > Thanks & Regards > > Tulika Bose > > Port 5683 is the default CoAP port and then the CoAP dissector is used > by default. You can right click on the Package in wireshark and then > click on "Decode As..." and select DTLS to decode it was DTLS. > > Wen you want to use DTLS with CoAP I would suggest you to use a nightly > build or a 11.X version of wireshark, there are some improvements in > wireshark regarding these two protocols. > > Hauke > > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
