Hi, I have a m2pa pcap [which contains MAP protocol sigtran traffic] & i want to display what all different opcodes are there in each packet for MAP protocol. I have tried below command which is working fine on MTP2 pcap, but not working on m2pa pcap. tshark -r ul_success.pcap -R "gsm_map" -T fields -e gsm_old.localValue After running above command on m2pa pcap, i am getting below printing tshark: -R without -2 is deprecated. For single-pass filtering use -Y. & nothing else as output. can you please help? asked 03 May '17, 21:35  swapnilawale edited 03 May '17, 21:45 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
What happens if you replace -R with -Y or add -2 to the command?
@Anders I tried. it is not giving any output, it will be in waiting state & after sometime same blank screen with no output
What happens if you run it without "-R", "-T", and "-e"? Do you see the packets decoded up to the MAP layer?