Hello all,
So in my dissector plugin i the first byte of my messages decide if it is of
type "Data" or "Heartbeat" (packet sent to make sure the connection is still
alive). To display i use:
bnp = proto_tree_add_item(icom_tree, hf_icom_bnp_type, tvb, offset, 1, FALSE);
offset += 1;
icom_bnp_tree = proto_item_add_subtree(bnp, ett_bnp);
with:
{ &hf_icom_bnp_type,
{ "ICom BNP Type", "icom.type",
FT_UINT8, BASE_DEC,
VALS(bnp_type_names), 0x0,
NULL, HFILL }
},
and:
static const value_string bnp_type_names[] = {
{ 1, "Heartbeat" },
{ 2, "Data" },
{ 0, NULL }
};
now i want to be able to filter out the two in wireshark, which i thought would
be icom.type=1 for heartbeat, or icom.type=2 for data. But that doesnt seem to
work. i added a line to see what hf_icom_bnp_type is equal to:
proto_tree_add_text(icom_message_tree, tvb, 0, 0, "BNP: %d", hf_icom_bnp_type);
and it returns 79353 everytime. Does anyone know what the problem is? i just
want to be able to filter out heartbeats when looking at the capture file in
wireshark.
Thanks,
Greg
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
