 | 1 | initial version |
No, that's not supported.
What you're asking for would require a syntax different from that used in packet-matching expressions. Packet-matching expressions are expressions that evaluate to a Boolean "matches"/"doesn't match" value; what you want for that example might be something more like a C conditional expression:
dns.flags.response? dns.flags.rcode : dns.flags.response
but that's not supported.
The "or" in custom columns isn't the same "or" as the one in packet-matching expressions; it's just a list separator. It's not as if other packet-matching expression operators would make sense; at best, "and" would mean "show both of the fields if they're both present".
(The choice of packet-matching expression syntax in the fix for bug 9695, which was the feature request for which the feature was introduced, was a mistake.)
You might want to submit an enhancement request on the Wireshark Bugzilla.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.