Ask Your Question
0

how to display column with doip user data using field name doip.data

asked 2019-08-15 14:43:39 +0000

jmorenog gravatar image

I am using Wireshark 3.0.3 and I need to add a column that displays the field "doip.data". I expect to see a sequence of bytes for all of the doip packets however wireshark doesn't display anything in the column. can someone please help?

edit retag flag offensive close merge delete

Comments

Do you have a capture you can share on a public share, e.g. Google Drive, DropBox etc. ?

grahamb gravatar imagegrahamb ( 2019-08-15 14:56:32 +0000 )edit

Hi, thanks for your comment:

https://drive.google.com/open?id=1-Yd...

jmorenog gravatar imagejmorenog ( 2019-08-15 15:10:27 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-08-15 15:41:14 +0000

grahamb gravatar image

The doip.data field is only populated if the doip dissector cannot locate the UDS (Unified Diagnostic Services) dissector. As the UDS dissector is present and manages to dissect the DoIP messages in your capture, the field is not populated.

Oddly, disabling the UDS dissector still doesn't populate the field, but the data.data field is then available, you could try this if you must see the bytes in a column.

edit flag offensive delete link more

Comments

Graham, the data.data field does exactly what I wanted!. Thank you very much

jmorenog gravatar imagejmorenog ( 2019-08-15 17:58:57 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-08-15 14:43:39 +0000

Seen: 930 times

Last updated: Aug 15 '19

Related questions

How I install wireshark in termux