i do apologize for a question i'm sure everyone on here knows except me. i have been to 10 pages and still am in the dark. i know what BOOLEAN/UNSIGNED INT/FRAME NUMER/ all mean in the display codes for tshark, but what exactly is a LABEL? think about it. as a newbie, i could refrence that to mean anything! a port number, protocol, string. they tell me NOTHING. so i ask you, where is a label reference sheet? i keep getting this error -o tcp.contiuation_to: (it wants a LABEL. so i cant put FALSE/TRUE/etc) once again, sorry for the stupid question but i truly am at a loss here asked 19 Nov '14, 22:25  McKittrick |
One Answer:
There's no such field type as a "label". The field tcp.continuation_to has type "frame number", so its value is an integer value. A filter expression that has only a field name tests whether the field is present in the frame; if you want to test whether "tcp.continuation_to" is present, you want a display filter (
If you're trying to disable TCP reassembly, so that no frames will be marked as TCP continuations, you want the preference "tcp.desegment_tcp_streams", and it's a Boolean preference, so you'd specify answered 20 Nov '14, 00:33  Guy Harris ♦♦ |
