Ask Your Question
0

comparing values with custom columns?

asked 2019-09-23 08:02:25 +0000

HaKan gravatar image

Hi, is it possible, to add a formula into a custom column, to compare two different values? My idea is, to compare the IPID (ip.id) of the current packet with the IPID of the previous packet, or alternative the same with the ESP sequence number (esp.sequence). I want to have an easy visible indicator for lost packets in UDP oder ESP streams. If the ID of the current packet is more than "1" higher, than that of the previous captured, a previous packet is missed. I only had to check for values greater 1 in that column. Or is there an alternative solution, to check this in an easy way?

Thanks in advance an best regards! HaKan

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-09-23 09:43:34 +0000

SYN-bit gravatar image

Such functionality is not available in Wireshark/Tshark by default. But you could write a Lua script that does that for you.

Something similar had been written by Advance7/Tribelab for detecting gaps in the PCoIP protocol.

See: https://community.tribelab.com/course/view.php?id=17

More info on using Lua in Wireshark can be found at https://wiki.wireshark.org/Lua

edit flag offensive delete link more

Comments

Sounds the PCoIP analysis ist almost what I am looking for. Well, I will check this Lua. Many thanks!

HaKan gravatar imageHaKan ( 2019-09-24 09:32:12 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-09-23 08:02:25 +0000

Seen: 728 times

Last updated: Sep 24 '19