This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Tshark eapol filters no more valid in version 1.12.0

0

Hi,

I was previously using eapol filters with Tshark for differentiating between key exchange 1,2,3,4. I have updated my wireshark and apparently these filters don't work anymore:

tshark -n -V -r mypcap.pcap -Tfields -e eapol.keydes.key_info.error -e eapol.keydes.key_info.key_mic -e eapol.keydes.key_info.install -e eapol.keydes.key_info.key_ack -e eapol.keydes.data_len

(process:65567): WARNING : 'eapol.keydes.key_info.error' isn't a valid field!

(process:65567): WARNING : 'eapol.keydes.key_info.key_mic' isn't a valid field!

(process:65567): WARNING : 'eapol.keydes.key_info.install' isn't a valid field!

(process:65567): WARNING : 'eapol.keydes.key_info.key_ack' isn't a valid field!

(process:65567): WARNING : 'eapol.keydes.data_len' isn't a valid field!

Why? And how to access to Key information with filters on the new version?

Thank you.

asked 11 Aug '14, 18:03

tsharker's gravatar image

tsharker
11113
accept rate: 0%


One Answer:

1

Apparently, that field has been renamed to

wlan_rsna_eapol.keydes.key_info

Regards
Kurt

answered 12 Aug '14, 02:44

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

It works perfectly, thank you!

Regards, Matt

(12 Aug '14, 10:05) tsharker