This is our old Q&A Site. Please post any new questions and answers at


I was previously using eapol filters with Tshark for differentiating between key exchange 1,2,3,4. I have updated my wireshark and apparently these filters don't work anymore:

tshark -n -V -r mypcap.pcap -Tfields -e eapol.keydes.key_info.error -e eapol.keydes.key_info.key_mic -e eapol.keydes.key_info.install -e eapol.keydes.key_info.key_ack -e eapol.keydes.data_len

(process:65567): WARNING : 'eapol.keydes.key_info.error' isn't a valid field!

(process:65567): WARNING : 'eapol.keydes.key_info.key_mic' isn't a valid field!

(process:65567): WARNING : 'eapol.keydes.key_info.install' isn't a valid field!

(process:65567): WARNING : 'eapol.keydes.key_info.key_ack' isn't a valid field!

(process:65567): WARNING : 'eapol.keydes.data_len' isn't a valid field!

Why? And how to access to Key information with filters on the new version?

Thank you.

asked 11 Aug '14, 18:03

tsharker's gravatar image

accept rate: 0%

Apparently, that field has been renamed to



permanent link

answered 12 Aug '14, 02:44

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

It works perfectly, thank you!

Regards, Matt

(12 Aug '14, 10:05) tsharker
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 11 Aug '14, 18:03

question was seen: 1,863 times

last updated: 12 Aug '14, 10:18

p​o​w​e​r​e​d by O​S​Q​A