Ask Your Question
0

other .time fields (like dns.time, http.time)

asked 2020-04-05 13:54:31 +0000

aneom gravatar image

Hi, I'm brand new to wireshark and I spotted a feature where you can add your own columns to the Packet List.

I'm interested to have a single column that displays things like dns.time, http.time and any other ".time" fields that there are.

  1. Where can I find the different protocols that take ".time" at the end of them? I searched on the wiki.wireshark.org but I didn't find anything. I want to set this up once and have it work for all different protocols that I might encounter
  2. I imagine this can get pretty messy, so can I name all of the items in the "Fields" field as for example "George" and then edit George to keep things neat?

Sorry if I broke any rules before posting, I rarely read those. Thanks for your time and wash your hands

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-04-05 14:12:02 +0000

Chuckc gravatar image

No guarantee this will find all of them:

https://code.wireshark.org/review/gitweb?p=wireshark.git&a=search&h=HEAD&st=grep&s=.time%22


The grep is for .time"

You can display multiple fields in the Fields: for a column:

dns.time or http.time
edit flag offensive delete link more

Comments

I forgot to attach a screenshot, I'm already using the dns.time || http.time format, I was just looking for a way to have just one word written in the "Fields" field, like a global variable or a list or something. Thanks a lot for your answer, have a good day!

EDIT: it appears that I cannot add a screenshot because I don't have 60 points yet. Whatever

aneom gravatar imageaneom ( 2020-04-05 14:15:40 +0000 )edit

You could store it in a Display Filter Macro but would have to copy the macro definition to the column Fields: when it changes.

"time_fields","dns.time or http.time"


If its something that you think would be used often, file an enhancement request

Chuckc gravatar imageChuckc ( 2020-04-05 14:39:22 +0000 )edit

I got everything I need now, thank you!

aneom gravatar imageaneom ( 2020-04-05 15:08:20 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-04-05 13:54:31 +0000

Seen: 610 times

Last updated: Apr 05 '20