Wireshark mailing list archives
Re: Packet Diagram shows only raw bytes of a subtree instead of individual fields
From: Graham Bloice <graham.bloice () trihedral com>
Date: Thu, 26 Nov 2020 18:30:05 +0000
On Thu, 26 Nov 2020 at 18:19, Maynard, Christopher via Wireshark-dev < wireshark-dev () wireshark org> wrote:
Many protocols contain subtrees, such as a header with various fields that are part of the header, and it’s convenient/logical to group those fields within the header subtree. However, doing so results in a Packet Diagram that only shows the raw bytes of the subtree rather than the individual fields contained within the subtree. So either I’m doing something wrong, in which case I welcome any suggestions for improving the display, or there seems to be a current limitation to the way the Packet Diagram behaves with respect to subtrees. Has anyone else noticed this?
I see something similar with the DNP3 dissector where I have multiple subtrees, but the packet diagram only shows the first two and not the elements in those trees either. Admittedly the DNP3 tree is a bit odd and the Data Chunks should really be a child of the Data Link Layer. [image: image.png] [image: image.png] This might be caused by the tree items being text, a summary of the sub-tree contents. As an example, I’ve crafted together a Lua dissector for a fictional
protocol, “Foo” along with an associated sample capture file to illustrate what I mean. I’ve also attached an image of the Packet Diagram showing the *“Foo Header”* as raw bytes only. What would be nicer to see are the individual header fields themselves, such as for this example: Foo Header: 0 15 16 31 +-------------------------------+ | Magic | +---------------+---------------+ | Type | Length | +---------------+---------------+ Is there a way to achieve this while still grouping the fields within a subtree? Thanks. - Chris
-- Graham Bloice
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Packet Diagram shows only raw bytes of a subtree instead of individual fields Maynard, Christopher via Wireshark-dev (Nov 26)
- Re: Packet Diagram shows only raw bytes of a subtree instead of individual fields Graham Bloice (Nov 26)
- Re: Packet Diagram shows only raw bytes of a subtree instead of individual fields John Thacker (Nov 26)
- Re: Packet Diagram shows only raw bytes of a subtree instead of individual fields Gerald Combs (Nov 30)
- Re: Packet Diagram shows only raw bytes of a subtree instead of individual fields ronnie sahlberg (Nov 30)
- Re: Packet Diagram shows only raw bytes of a subtree instead of individual fields Gerald Combs (Nov 30)