 | 1 | initial version |
This is similar to tshark - extract conversations (ip,tcp,udp) / endpoints with GeoIP where the Wireshark gui and tshark tap results are different.
ui/qt/conversation_dialog.cpp uses ConversationDataModel::headerData which includes CONV_COLUMN_BPS_AB and CONV_COLUMN_BPS_BA.
The tap that TShark calls (ui/cli/tap-iousers.c) calls does not:
printf("%s | <- | | -> | | Total | Relative | Duration |\n",
display_ports ? " " : "");
printf("%s | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | |\n",
display_ports ? " " : "");
break;