Re: Mentioning encapsulation type in Protocol column

[Martin Kaiser <lists () kaiser cx>]

Hi Lori and all,

Thus wrote Lori Jakab (ljakab () ac upc edu):

> AFAIK, currently the protocol displayed in the Protocol column of
> Wireshark is that of the last dissector called on the packet. This makes
> it difficult to distinguish among packets with or without some type of
> encapsulation, unless filtering is employed. That is, a "regular" ICMP
> packet and a GRE encapsulated ICMP packet are both simply listed as ICMP.

> It would be a great feature to be able to see at a glance, when
> monitoring all traffic (especially with tshark), which packets are GRE
> or LISP (or any other encapsulating header) encapsulated. So, with the
> example above, instead of showing just ICMP, the Protocol field would
> display ICMP/GRE or ICMP/LISP.

> Is this possible with the current API?

probably not in the protocol column. Most (if not all) dissectors call
col_set_str(pinfo->cinfo, COL_PROTOCOL, "my protocol"); and clear the
previous content.

I just tried defining a custom column as follows
- select any packet
- open "Frame" in the tree
- select "Protocols in Frame"
- right click, "Apply as column"

That'll give you a colon-separated list of protocols in the column.
Hopefully, that's what you need.

Best regards,

   Martin
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe