Hi Lori and all, Thus wrote Lori Jakab (lja...@ac.upc.edu):
> AFAIK, currently the protocol displayed in the Protocol column of > Wireshark is that of the last dissector called on the packet. This makes > it difficult to distinguish among packets with or without some type of > encapsulation, unless filtering is employed. That is, a "regular" ICMP > packet and a GRE encapsulated ICMP packet are both simply listed as ICMP. > It would be a great feature to be able to see at a glance, when > monitoring all traffic (especially with tshark), which packets are GRE > or LISP (or any other encapsulating header) encapsulated. So, with the > example above, instead of showing just ICMP, the Protocol field would > display ICMP/GRE or ICMP/LISP. > Is this possible with the current API? probably not in the protocol column. Most (if not all) dissectors call col_set_str(pinfo->cinfo, COL_PROTOCOL, "my protocol"); and clear the previous content. I just tried defining a custom column as follows - select any packet - open "Frame" in the tree - select "Protocols in Frame" - right click, "Apply as column" That'll give you a colon-separated list of protocols in the column. Hopefully, that's what you need. Best regards, Martin ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
