Hello Thanks!! Yes I completely agree with you but tcp.flags.syn appears because we have already registered a field with the name tcp.flags.syn.
What I want to know is whether such a tree-like structure, which appears in the details pane, is possible in the Filter Expression Dialog Box? And I don't want to register fields like tcp.flags.syn, but rather register them individually, i.e. register flags separately, syn separately, and let Wireshark make the filter expression depending upon the selection in the Filter Expression dialog box. I guess this has not been implemented for the Filter Expression Box, but still I wanted to know if it is possible to work around.

Thanks
Hemant

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abhik Sarkar
Sent: Thursday, July 03, 2008 1:36 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Isn't _something_ like what you want already present? I agree it is not _exactly_ the same, but it is very similar. Taking your example of the TCP protocol:

- Select any frame.
- In the Packet Details pane
- click + to expand the TCP protocol
- click + to expand the Flags.
- Select a flag of your choice (e.g. SYN)
- Right-click and choose "Prepare a filter > Selected", and "tcp.flags.syn == X" appears in the display filter field!

Regards,
Abhik.

On Thu, Jul 3, 2008 at 11:09 PM, Kumar, Hemant <[EMAIL PROTECTED]> wrote:
> So that if user wants to select fetch all the messages having subfield == X
>
> He should go in the expression window and not put Protocol.Field.subfield ==
> X, but rather just go on hitting on the + buttons and the subtree should
> appear below it and he can set the parameter for that field and the
> wireshark will automatically form the expression based on the user selection
> of trees and subtrees so basically I don't want to put
>
> Protocol.Field.subfield beforehand in the expression window but rather just
> firstly just Protocol will appear then on hitting + for protocol, Field will
> appear and then on hitting + for Field subfield should appear and then user
> can set subfield == x and in the expression bar, automatically wireshark
> will put the expression Protocol.Field.subfield.

_______________________________________________
Wireshark-dev mailing list
[email protected]
https://wireshark.org/mailman/listinfo/wireshark-dev
