This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi Guys,

I have a pdml output file which is OK for all the IP, TCP, UDP etc but there is one protocol which does not get writen correctly. tshark puts a <proto></proto> section within another <proto></proto> section which makes it non XML compliant. Has anyone had this happen before? Any ideas how I can correct it?

regards,

Degsy

asked 03 Feb '12, 02:45

Degsy's gravatar image

Degsy
1223
accept rate: 0%

I haven't seen that happen myself. Are you able to share a file that exhibits this behavior? You could post it to CloudShark for people to look at.

Are you using any custom dissectors? What version of TShark is producing the PDML?

(03 Feb '12, 07:59) zachad

I can replicate described behavior with current wireshark git (54dfe3b9b68) without any custom dissectors. It doesn't break XML in my case, but differs from "fake protocol wrapper" fields that seem to be used in similar cases elsewhere.

As README.xml-output doesn't mention that it's possible for fields to contain "proto" elements, is it safe to assume it's a bug and that it should be reported as such?

(19 Oct '14, 00:47) mk-fg

If you have a capture file that exhibits the issue, go ahead and file a report at the Wireshark Bugzilla and attach the capture to the bug report.

(19 Oct '14, 01:57) grahamb ♦
(19 Oct '14, 02:42) mk-fg
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×832
×19
×2

question asked: 03 Feb '12, 02:45

question was seen: 3,330 times

last updated: 19 Oct '14, 02:42

p​o​w​e​r​e​d by O​S​Q​A