I am capturing some packets that contain private headers within the payload. I have written a quick & dirty Lua dissector to decode these headers and everything works well from inside Wireshark. That is, I am able to "decode as" and see my proprietary headers within Wireshark as expected.
I am now attempting to do the same from cmd line tshark with something like this:
tshark -X lua_script:foo.lua -r capture_file -T fields -e private.foo -e private.bar
Unfortunately my private fields are not being displayed, which leads me to believe I am missing the "decode as" step that I performed above. Is there a tshark equivalent to this step?
Is there a way to have tshark make use of the ~/.wireshark/decode_as_entries file?
Thanks for any help, Jax
asked 22 Jul '13, 13:18
answered 22 Jul '13, 14:30