Wireshark mailing list archives
Re: Mentioning encapsulation type in Protocol column
From: Martin Kaiser <lists () kaiser cx>
Date: Tue, 13 Mar 2012 23:07:20 +0100
Hi Lori and all, Thus wrote Lori Jakab (ljakab () ac upc edu):
AFAIK, currently the protocol displayed in the Protocol column of Wireshark is that of the last dissector called on the packet. This makes it difficult to distinguish among packets with or without some type of encapsulation, unless filtering is employed. That is, a "regular" ICMP packet and a GRE encapsulated ICMP packet are both simply listed as ICMP.
It would be a great feature to be able to see at a glance, when monitoring all traffic (especially with tshark), which packets are GRE or LISP (or any other encapsulating header) encapsulated. So, with the example above, instead of showing just ICMP, the Protocol field would display ICMP/GRE or ICMP/LISP.
Is this possible with the current API?
probably not in the protocol column. Most (if not all) dissectors call col_set_str(pinfo->cinfo, COL_PROTOCOL, "my protocol"); and clear the previous content. I just tried defining a custom column as follows - select any packet - open "Frame" in the tree - select "Protocols in Frame" - right click, "Apply as column" That'll give you a colon-separated list of protocols in the column. Hopefully, that's what you need. Best regards, Martin ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Mentioning encapsulation type in Protocol column Lori Jakab (Mar 13)
- Re: Mentioning encapsulation type in Protocol column Martin Kaiser (Mar 13)
- Re: Mentioning encapsulation type in Protocol column Lori Jakab (Mar 13)
- Re: Mentioning encapsulation type in Protocol column Martin Kaiser (Mar 13)