What dissectors am I missing? All analysis stops at Ethernet II


Noob question here. I wanted to see the performance difference between having all the dissectors turned on vs. only those for the protocols that I was interested in. I ran:

tshark -r dump.pcap -qz io,phs

I can see the following protocols used: eth, ip, tcp, udp, icmp, igmp, arp. After adding all of these from the dissectors list I only get dissection up the the ethernet layer, for every packet, everything else it just treats as 'data'. What am I missing?

What am I missing?

ethertype ?

Enable all the protocols and then, for a random sample of frames in your capture, look (with wireshark) in the details pane under 'frame' at the generated field 'protocols in frame' to see the list of protocols in the frame.

Ethertype was it, thanks for the help. Is there a tshark command that won't miss that?

Obviously I could use tshark -Tfields -e frame.protocols, but I'm just curious why -qz doesn't include it.

I don't know....

