Revision history
Is there a bug in tshark pdml output?
I extract the capture data of my network interface (which seems correct and legal in the Wireshark GUI) using tshark in the PDML format. The command is "tshark.exe -i 3 -T pdml".
I notice a consistent issue in one of the PDML fields. The field is in the TCP layer:
"
The issue seems to be that part of the XML line is missing.
Is there a known issue with that? Should this line just be ignored?
Thank you in advance.
Edit: Wireshark version 3.4.3. OS: Windows 10 Enterprise.
For the console, I attempted to use the PDML output in my own dotnet program, so I ran a tshark process and redirected the output to a dotnet stream. I tried it with UDP data and it was fine. The problems started when I read TCP and TLS layer data.
Thanks to your question, I rechecked myself and ran tshark in PowerShell, and now I see the missing end of the fields, for some reason.
So now I know tshark does output the pdml correctly (and it is likely I am dropping part of the tshark fields in dotnet somewhere).
I will recheck my work and share any issue that may interest the Wireshark community if one arises. Thank you for the comment.
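An added example, not part of the original post and not Wireshark code: a check for whether a consumer of redirected `tshark -T pdml` output loses field data at read boundaries. It assumes one possible cause that the post does not confirm (handling each pipe read as if it held whole elements), uses Python rather than dotnet, and the sample PDML and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like `tshark -T pdml` output (not from a real capture).
SAMPLE_PDML = (
    '<?xml version="1.0" encoding="utf-8"?>\n'
    '<pdml version="0" creator="wireshark/3.4.3">\n'
    '<packet>\n'
    '  <proto name="tcp" showname="Transmission Control Protocol" size="20" pos="34">\n'
    '    <field name="tcp.srcport" showname="Source Port: 443" size="2" pos="34" show="443" value="01bb"/>\n'
    '    <field name="tcp.payload" showname="TCP payload (5 bytes)" size="5" pos="54" show="16:03:03:00:2a" value="160303002a"/>\n'
    '  </proto>\n'
    '</packet>\n'
    '</pdml>\n'
).encode("utf-8")

def chunks(data, size):
    """Simulate pipe reads that return arbitrary-sized pieces of the stream."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def parse_stream(reads):
    """Feed raw reads to an incremental XML parser; return (name, show) pairs per packet."""
    parser = ET.XMLPullParser(events=("end",))
    packets = []
    for chunk in reads:
        parser.feed(chunk)  # partial elements stay buffered inside the parser
        for _event, elem in parser.read_events():
            if elem.tag == "packet":
                packets.append([(f.get("name"), f.get("show")) for f in elem.iter("field")])
                elem.clear()  # release the finished packet on long captures
    parser.close()  # raises ParseError if the stream stopped mid-document
    return packets

def naive_per_read(reads):
    """Anti-pattern: match fields inside each read separately; split fields are lost."""
    found = []
    for chunk in reads:
        found += re.findall(rb'<field name="([^"]+)"[^>]*/>', chunk)
    return found

def stream_is_complete(reads):
    """True when the reads form a whole, well-formed PDML document."""
    try:
        parse_stream(reads)
        return True
    except ET.ParseError:
        return False

if __name__ == "__main__":
    print(parse_stream(chunks(SAMPLE_PDML, 7)))     # both fields, intact
    print(naive_per_read(chunks(SAMPLE_PDML, 64)))  # nothing: every field spans two reads
```

Long TCP and TLS fields are the ones most likely to straddle a read, which matches the symptom of short UDP fields looking fine.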