
Does Wireshark provide the ability to lookup strings like it does for values?

asked 2019-12-02 19:21:48 +0000

cmaynard

The value_string's are useful for mapping numbers to strings, but I'm looking for a way to map strings to other strings. For example, a protocol might contain an abbreviation or acronym for a longer string and I'd like to look up/display the longer string instead of the abbreviated string. I know I can use BASE_CUSTOM for this, but before I do, I was wondering if there was already something built in to Wireshark that supports this.


For value_string, we might have:

static const value_string foo_vals[] = {
    {1, "Hello World"},
    {2, "Goodbye Cruel World"},
    {0, NULL}
};

... but I want something like a string_string:

static const string_string foo_vals[] = {
    {"HW", "Hello World"},
    {"GCW", "Goodbye Cruel World"},
    {NULL, NULL}
};



1 Answer


answered 2019-12-02 19:45:16 +0000

cmaynard

OK, I now see that string_string is already defined in value_string.[h|c], as well as str_to_str() and friends. I missed it as I had been looking in doc/README.dissector and saw no mention of it. In any case, this is what I was looking for, so this answers my question.

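An added example, not part of the original post and not Wireshark's own code: a stand-alone sketch of the string-to-string lookup the answer refers to, applied to a length-bounded slice of untrusted packet bytes rather than a NUL-terminated string. The struct mirrors the `string_string` layout with plain `char` so it builds without GLib; `try_bytes_to_str()` and `bytes_to_str()` are hypothetical helper names, and the packet bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Stand-alone mirror of string_string (assumption: value/strptr pair). */
typedef struct {
    const char *value;   /* abbreviation as it appears on the wire */
    const char *strptr;  /* long form to display */
} string_string;

static const string_string foo_vals[] = {
    {"HW",  "Hello World"},
    {"GCW", "Goodbye Cruel World"},
    {NULL,  NULL}
};

/* Hypothetical helper: look up a key that is a bounded slice of packet
 * bytes (not NUL-terminated). Returns NULL when the key is unknown. */
static const char *try_bytes_to_str(const unsigned char *buf, size_t len,
                                    const string_string *vs)
{
    for (; vs->value != NULL; vs++)
        /* Exact length match, so "HWX" or "H" never matches "HW". */
        if (strlen(vs->value) == len && memcmp(vs->value, buf, len) == 0)
            return vs->strptr;
    return NULL;
}

/* Hypothetical helper: always returns printable text; unknown keys are
 * shown through a bounded fallback with non-printable bytes masked. */
static const char *bytes_to_str(const unsigned char *buf, size_t len,
                                const string_string *vs,
                                char *out, size_t outlen)
{
    const char *hit = try_bytes_to_str(buf, len, vs);
    if (hit != NULL || outlen < 16)
        return hit != NULL ? hit : "Unknown";
    size_t pos = (size_t)snprintf(out, outlen, "Unknown (");
    for (size_t i = 0; i < len && pos + 2 < outlen; i++)
        out[pos++] = (buf[i] >= 0x20 && buf[i] < 0x7f) ? (char)buf[i] : '.';
    out[pos++] = ')';
    out[pos] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample field bytes: "GCW", "HW", then an unknown key. */
    const unsigned char pkt[] = {'G', 'C', 'W', 'H', 'W', 'Z', 0x01};
    char tmp[32];
    printf("%s\n", bytes_to_str(pkt, 3, foo_vals, tmp, sizeof tmp));
    printf("%s\n", bytes_to_str(pkt + 5, 2, foo_vals, tmp, sizeof tmp));
    return 0;
}
```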


Last updated: Dec 02