Yes, this is exactly what I was looking for. Thanks! I had forgotten I could use tshark to output the trace in pdml and then look for the field names.

Thanks again,
-Nathan

On 7/25/2008 7:00 AM, Abhik Sarkar wrote:
> Hi Nathan,
>
> Would using the tcp.analysis.lost_segment and other display filters
> from the tcp.analysis family not meet your requirement? Or do you
> specifically want to have display filters on expert analysis items for
> a broader scope?
>
> Regards,
> Abhik.
>
> On Fri, Jul 25, 2008 at 7:12 AM, Nathan Jennings <[EMAIL PROTECTED]> wrote:
>> Hello,
>>
>> Is there a way to use the display filter syntax to filter packets based
>> on the expert/tcp analysis output (strings)?
>>
>> What I'd like to do is construct a display filter that matches an
>> expert/tcp analysis string like "TCP segment lost", or something
>> similar. I could then use this filter in the IO Graph window to
>> show/highlight the affected packets in the line graph.
>>
>> I looked at the wishlist on the Wiki but didn't see anything.
>>
>> Any ideas on how difficult this might be to implement? Maybe point me to
>> where I might get started?
>>
>> Thanks,
>> -Nathan
>>
>> _______________________________________________
>> Wireshark-dev mailing list
>> [email protected]
>> https://wireshark.org/mailman/listinfo/wireshark-dev
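
Added example, not part of the original thread and not Wireshark project code: one way to do what the thread describes, reading tshark's PDML output and collecting the tcp.analysis field names so they can be reused as a display filter (for instance in the IO Graph window). The PDML fragment is constructed and trimmed to the attributes used, and the helper names analysis_fields and display_filter are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed PDML fragment (attributes trimmed). Real input would come from:
#   tshark -r <capture file> -T pdml
SAMPLE_PDML = """<pdml>
  <packet>
    <proto name="frame"><field name="frame.number" show="1"/></proto>
    <proto name="tcp"><field name="tcp.seq" show="1"/></proto>
  </packet>
  <packet>
    <proto name="frame"><field name="frame.number" show="2"/></proto>
    <proto name="tcp">
      <field name="tcp.seq" show="2921"/>
      <field name="tcp.analysis">
        <field name="tcp.analysis.flags">
          <field name="tcp.analysis.lost_segment"/>
        </field>
      </field>
    </proto>
  </packet>
  <packet>
    <proto name="frame"><field name="frame.number" show="3"/></proto>
    <proto name="tcp">
      <field name="tcp.analysis">
        <field name="tcp.analysis.flags">
          <field name="tcp.analysis.duplicate_ack"/>
        </field>
      </field>
    </proto>
  </packet>
</pdml>"""

def analysis_fields(pdml_text, prefix="tcp.analysis."):
    """Map each field name starting with prefix to the frames it appears in."""
    hits = defaultdict(list)
    for packet in ET.fromstring(pdml_text).iter("packet"):
        num_el = packet.find(".//field[@name='frame.number']")
        frame_no = int(num_el.get("show")) if num_el is not None else None
        # iter() walks nested <field> elements, which is where PDML puts
        # the analysis flags (several levels below the tcp proto).
        for field in packet.iter("field"):
            name = field.get("name", "")
            if name.startswith(prefix) and frame_no not in hits[name]:
                hits[name].append(frame_no)
    return dict(hits)

def display_filter(field_names):
    """Join field names into an 'or' display filter expression."""
    return " or ".join(sorted(field_names))
```
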
