Wireshark mailing list archives

Re: Packet Diagram shows only raw bytes of a subtree instead of individual fields


From: Graham Bloice <graham.bloice () trihedral com>
Date: Thu, 26 Nov 2020 18:30:05 +0000

On Thu, 26 Nov 2020 at 18:19, Maynard, Christopher via Wireshark-dev <
wireshark-dev () wireshark org> wrote:

Many protocols contain subtrees, such as a header with various fields that
are part of the header, and it’s convenient/logical to group those fields
within the header subtree.  However, doing so results in a Packet Diagram
that only shows the raw bytes of the subtree rather than the individual
fields contained within the subtree.

So either I’m doing something wrong, in which case I welcome any
suggestions for improving the display, or there seems to be a current
limitation to the way the Packet Diagram behaves with respect to subtrees.
Has anyone else noticed this?



I see something similar with the DNP3 dissector where I have
multiple subtrees, but the packet diagram only shows the first two and not
the elements in those trees either.  Admittedly the DNP3 tree is a bit odd
and the Data Chunks should really be a child of the Data Link Layer.

This might be caused by the tree items being text, a summary of the
sub-tree contents.

As an example, I’ve crafted together a Lua dissector for a fictional
protocol, “Foo” along with an associated sample capture file to illustrate
what I mean.  I’ve also attached an image of the Packet Diagram showing the
*“Foo Header”* as raw bytes only.  What would be nicer to see are the
individual header fields themselves, such as for this example:

Foo Header:

0            15 16            31
+-------------------------------+
|             Magic             |
+---------------+---------------+
|     Type      |     Length    |
+---------------+---------------+

Is there a way to achieve this while still grouping the fields within a
subtree?

Thanks.
- Chris




-- 
Graham Bloice
