Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

why protocol result is 0x8892 not PNIO-PS

my command is
tshark -r test.pcapng -Y "eth.addr==00:60:65:16:4f:22 && eth.addr==20:87:56:77:a5:97" -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f

the column protocol is 0x8892

why protocol result is 0x8892 not PNIO-PS

my command is
tshark -r test.pcapng -Y "eth.addr==00:60:65:16:4f:22 && eth.addr==20:87:56:77:a5:97" -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f

if i use test the column protocol is 0x8892

if i use root then the result is PNIO_PS

why protocol result is 0x8892 not PNIO-PS

my command is
is:

tshark -r test.pcapng -Y "eth.addr==00:60:65:16:4f:22 && eth.addr==20:87:56:77:a5:97" -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f

occurrence=f

if i use test the column protocol is 0x8892

if i use root then the result is PNIO_PS

why protocol result is 0x8892 not PNIO-PS

in linux environment my command is:

tshark -r test.pcapng -Y "eth.addr==00:60:65:16:4f:22 && eth.addr==20:87:56:77:a5:97" -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f

if i use test user/test the column protocol is 0x8892

if i use root user/root then the result is PNIO_PS

why protocol result is 0x8892 not PNIO-PS

in linux environment my command is: environment

tshark -r test.pcapng -Y "eth.addr==00:60:65:16:4f:22 && eth.addr==20:87:56:77:a5:97" -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f

if user/test the column protocol is 0x8892

if i user/root then the result is PNIO_PS

[[email protected] test]$ tshark -r test.pcapng -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f RealtekS_68:0f:eb,Broadcast,ARP RealtekS_68:0f:eb,Broadcast,ARP RealtekS_68:0f:eb,Broadcast,ARP NewH3CTe_42:71:39,LLDP_Multicast,LLDP 00:f1:ca:00:c1:33,All-Stations-Address,0x0941 Raisecom_91:03:fd,Broadcast,ARP Raisecom_d8:32:c2,Broadcast,ARP RealtekS_68:0f:eb,Broadcast,ARP B&RIndus_16:4f:22,PN-MC_00:00:00,0x8892 Siemens_77:a5:97,B&RIndus_16:4f:22,0x8892 00:f1:ca:00:c1:33,All-Stations-Address,0x092c B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892 B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892 B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892 B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892 B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892

[[email protected] test]# tshark -r test.pcapng -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f Running as user "root" and group "root". This could be dangerous. RealtekS_68:0f:eb,Broadcast,ARP RealtekS_68:0f:eb,Broadcast,ARP RealtekS_68:0f:eb,Broadcast,ARP NewH3CTe_42:71:39,LLDP_Multicast,LLDP 00:f1:ca:00:c1:33,All-Stations-Address,0x0941 Raisecom_91:03:fd,Broadcast,ARP Raisecom_d8:32:c2,Broadcast,ARP RealtekS_68:0f:eb,Broadcast,ARP B&RIndus_16:4f:22,PN-MC_00:00:00,PN-DCP Siemens_77:a5:97,B&RIndus_16:4f:22,PN-DCP 00:f1:ca:00:c1:33,All-Stations-Address,0x092c B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP RealtekS_68:0f:eb,Broadcast,ARP NewH3CTe_42:71:39,LLDP_Multicast,LLDP B&RIndus_16:4f:22,Broadcast,ARP 10.168.185.12,10.168.185.40,PNIO-CM Siemens_77:a5:97,B&RIndus_16:4f:22,ARP Siemens_77:a5:97,B&RIndus_16:4f:22,PNIO_PS 10.168.185.40,10.168.185.12,PNIO-CM 10.168.185.12,10.168.185.40,PNIO-CM

why protocol result is 0x8892 not PNIO-PS

in linux environment

if user/test user/test the column protocol is 0x8892

if i user/root then the result is PNIO_PS

[[email protected] test]$ tshark -r test.pcapng -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f
RealtekS_68:0f:eb,Broadcast,ARP
RealtekS_68:0f:eb,Broadcast,ARP
RealtekS_68:0f:eb,Broadcast,ARP
NewH3CTe_42:71:39,LLDP_Multicast,LLDP
00:f1:ca:00:c1:33,All-Stations-Address,0x0941
Raisecom_91:03:fd,Broadcast,ARP
Raisecom_d8:32:c2,Broadcast,ARP
RealtekS_68:0f:eb,Broadcast,ARP
B&RIndus_16:4f:22,PN-MC_00:00:00,0x8892
Siemens_77:a5:97,B&RIndus_16:4f:22,0x8892
00:f1:ca:00:c1:33,All-Stations-Address,0x092c
B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892
B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892
B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892
B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892
B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892B&RIndus_48:5a:92,PN-MC_00:00:00,0x8892

if i user/root then the result is PNIO_PS

[[email protected] test]# tshark -r test.pcapng -T fields -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -E header=n -E separator=, -E occurrence=f
Running as user "root" and group "root". This could be dangerous.
RealtekS_68:0f:eb,Broadcast,ARP
RealtekS_68:0f:eb,Broadcast,ARP
RealtekS_68:0f:eb,Broadcast,ARP
NewH3CTe_42:71:39,LLDP_Multicast,LLDP
00:f1:ca:00:c1:33,All-Stations-Address,0x0941
Raisecom_91:03:fd,Broadcast,ARP
Raisecom_d8:32:c2,Broadcast,ARP
RealtekS_68:0f:eb,Broadcast,ARP
B&RIndus_16:4f:22,PN-MC_00:00:00,PN-DCP
Siemens_77:a5:97,B&RIndus_16:4f:22,PN-DCP
00:f1:ca:00:c1:33,All-Stations-Address,0x092c
B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP
B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP
B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP
B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP
B&RIndus_48:5a:92,PN-MC_00:00:00,PN-DCP
RealtekS_68:0f:eb,Broadcast,ARP
NewH3CTe_42:71:39,LLDP_Multicast,LLDP
B&RIndus_16:4f:22,Broadcast,ARP
10.168.185.12,10.168.185.40,PNIO-CM
Siemens_77:a5:97,B&RIndus_16:4f:22,ARP
Siemens_77:a5:97,B&RIndus_16:4f:22,PNIO_PS
10.168.185.40,10.168.185.12,PNIO-CM
10.168.185.12,10.168.185.40,PNIO-CM