Wireshark mailing list archives
Mentioning encapsulation type in Protocol column
From: Lori Jakab <ljakab () ac upc edu>
Date: Tue, 13 Mar 2012 16:38:28 +0100
Hi, AFAIK, currently the protocol displayed in the Protocol column of Wireshark is that of the last dissector called on the packet. This makes it difficult to distinguish among packets with or without some type of encapsulation, unless filtering is employed. That is, a "regular" ICMP packet and a GRE encapsulated ICMP packet are both simply listed as ICMP. It would be a great feature to be able to see at a glance, when monitoring all traffic (especially with tshark), which packets are GRE or LISP (or any other encapsulating header) encapsulated. So, with the example above, instead of showing just ICMP, the Protocol field would display ICMP/GRE or ICMP/LISP. Is this possible with the current API? I couldn't find a way to do this. If not, would it be easy to implement? And if there is no interest among the main developers to provide this feature, would a patch implementing this be accepted? Would someone mentor work on such a patch? Thanks, -Lori Jakab author of the LISP dissector ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Mentioning encapsulation type in Protocol column Lori Jakab (Mar 13)
- Re: Mentioning encapsulation type in Protocol column Martin Kaiser (Mar 13)
- Re: Mentioning encapsulation type in Protocol column Lori Jakab (Mar 13)
- Re: Mentioning encapsulation type in Protocol column Martin Kaiser (Mar 13)