Wireshark mailing list archives

Re: Mentioning encapsulation type in Protocol column


From: Lori Jakab <ljakab () ac upc edu>
Date: Tue, 13 Mar 2012 23:33:57 +0100

On 03/13/12 23:07, Martin Kaiser wrote:
> Hi Lori and all,
>
> Thus wrote Lori Jakab (ljakab () ac upc edu):
>
>> AFAIK, currently the protocol displayed in the Protocol column of
>> Wireshark is that of the last dissector called on the packet. This makes
>> it difficult to distinguish among packets with or without some type of
>> encapsulation, unless filtering is employed. That is, a "regular" ICMP
>> packet and a GRE encapsulated ICMP packet are both simply listed as ICMP.
>> It would be a great feature to be able to see at a glance, when
>> monitoring all traffic (especially with tshark), which packets are GRE
>> or LISP (or any other encapsulating header) encapsulated. So, with the
>> example above, instead of showing just ICMP, the Protocol field would
>> display ICMP/GRE or ICMP/LISP.
>> Is this possible with the current API?
>
> probably not in the protocol column. Most (if not all) dissectors call
> col_set_str(pinfo->cinfo, COL_PROTOCOL, "my protocol"); and clear the
> previous content.
>
> I just tried defining a custom column as follows
> - select any packet
> - open "Frame" in the tree
> - select "Protocols in Frame"
> - right click, "Apply as column"
>
> That'll give you a colon-separated list of protocols in the column.
> Hopefully, that's what you need.

Thanks Martin, I didn't know about this, and it is certainly helpful,
but a bit too verbose. Ideally I would only like to see the last
protocol (as it is now) + the encapsulation protocol, if there is one.

I take it this is not possible right now.

Would it be possible to enable protocols to define themselves as
tunneling/encapsulating protocols, and change the implementation to take
this into account? Wireshark could add its string after the one set
in the Protocol column, for PDUs found after parsing said protocol type.

Regards,
-Lori
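
Added example, not part of the original thread and not Wireshark code: a Python post-processor that reduces the colon-separated "Protocols in Frame" value (`frame.protocols`) to the last protocol plus its innermost encapsulation, as requested above. The tshark invocation in the comment, the set of tunnel filter names, and the sample lines are assumptions made for the example.

```python
# Added example: turn tshark's colon-separated frame.protocols value into the
# "last protocol/encapsulation" label asked for in the thread.
# Assumed input: tab-separated lines from
#   tshark -r capture.pcap -T fields -e frame.number -e frame.protocols

# Assumption: filter names treated as tunnel headers, with the label to show.
TUNNELS = {"gre": "GRE", "lisp-data": "LISP", "vxlan": "VXLAN"}
# Assumption: entries skipped as pseudo-layers rather than protocols.
PSEUDO_LAYERS = {"ethertype", "data"}


def protocol_label(frame_protocols, tunnels=TUNNELS):
    """Return e.g. 'ICMP/GRE' for 'eth:ip:gre:ip:icmp', 'ICMP' for 'eth:ip:icmp'."""
    layers = [p for p in frame_protocols.strip().split(":")
              if p and p not in PSEUDO_LAYERS]
    if not layers:
        return ""
    last = layers[-1]
    # Upper-casing the filter name approximates the Protocol column text.
    label = tunnels.get(last, last.upper())
    # Walk outward from the last protocol to find the innermost tunnel header.
    for layer in reversed(layers[:-1]):
        if layer in tunnels:
            return f"{label}/{tunnels[layer]}"
    return label


def label_lines(lines):
    """Map 'frame_number<TAB>frame.protocols' lines to (number, label) pairs."""
    out = []
    for line in lines:
        number, _, protos = line.rstrip("\n").partition("\t")
        if protos:
            out.append((int(number), protocol_label(protos)))
    return out


# Constructed sample lines (not from a real capture).
SAMPLE = [
    "1\teth:ip:icmp",
    "2\teth:ip:gre:ip:icmp",
    "3\teth:ip:udp:lisp-data:ip:icmp",
    "4\teth:ip:gre",
    "5\teth:ethertype:ip:gre:ip:udp:vxlan:eth:ethertype:ip:tcp",
]

if __name__ == "__main__":
    for number, label in label_lines(SAMPLE):
        print(number, label)
```
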