Wireshark mailing list archives

Re: Custom Columns & combining filters

From: Martin Visser <martinvisser99 () gmail com>
Date: Thu, 8 Oct 2009 07:16:48 +1100

I think that the problem is that Keith has missed is that field names ARE
filters, but unfortunately the converse is not true. For Keith's benefit
when you use one or fields to construct a filter, such as
"(dpnss.cc_msg_type)||(dpnss.e2e_msg_type)" the result is effectively a
logical true or false. If used as a display filter this simply determines
whether a packet is displayed or not. The only way to display a new field
whose contents are either the contents from this field or that field (and
you might have to deal with the case of them both having contents) would be
to create a new subdissector (which could be done in LUA).

The bug Jeff refers to also seems to cover it. I do think some sort of
calculated field would be cool.

Even easier would be two create two custom columns, one for
dpnss.cc_msg_type and one for dpnss.e2e_msg_type and put up with the lost
real estate.


Regards, Martin

MartinVisser99 () gmail com


On Thu, Oct 8, 2009 at 3:40 AM, Guy Harris <guy () alum mit edu> wrote:


On Oct 7, 2009, at 2:32 AM, Keith French wrote:

In the latest version of Wireshark, when you add a custom column
under the Preferences/User Interface, is it possible to define the
filter using two or more expressions?


I don't see any filter in the dialog box for a column.  I do see
something that says "Field name", but nothing that says "Filter".

Either of these two filters are valid on their own, but if I try to
combine them to be one column the syntax checker remains a red
background:-

(dpnss.cc_msg_type)||(dpnss.e2e_msg_type)


That's not a field name.  What is it you're trying to do?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Custom Columns & combining filters Keith French (Oct 07)
- Re: Custom Columns & combining filters Jeff Morriss (Oct 07)
- Re: Custom Columns & combining filters Guy Harris (Oct 07)
  - Re: Custom Columns & combining filters Martin Visser (Oct 07)
    - Re: Custom Columns & combining filters Keith French (Oct 08)