How to display slice as a filter in column?

answered 2022-05-17 18:34:54 +0000

Chuckc
3023 ●6 ●608 ●20

updated 2022-05-18 14:33:48 +0000

11115 ●11 ●317 ●165 https://www.igt.com/

Previous answers:
need part of data only
display only portion of data field as column

When a Custom column is defined, you get to pick a field and its occurrence.
column.c:

    if (col_item->col_fmt == COL_CUSTOM) {
      col_item->col_custom_fields = g_strdup(get_column_custom_fields(i));
      col_item->col_custom_occurrence = get_column_custom_occurrence(i);
    }

It would be pretty easy with a Lua script but yes, that is an extra file to keep up with for future installs or other users.

I couldn't find any enhancement requests asking for this. They are created on the Wireshark Gitlab issues page.

edit flag offensive delete link

Comments

So to add it I must run it with the source code?

Ayelet ( 2022-05-17 18:48:53 +0000 )edit

Lua Support in Wireshark
The Lua script would go in your Personal Lua Plugins folder.
Check Help->About Wireshark->Folders for the location.
Here is an example: How can I write a dissector for a part of the LLDP payload in Lua ?

Chuckc ( 2022-05-17 20:22:52 +0000 )edit

Thanks! I have a problem to make a Lua script: https://osqa-ask.wireshark.org/questi... So I looked for other alternatives.

Ayelet ( 2022-05-18 03:30:51 +0000 )edit

Here's an example of adding the slice from ecat.data as a new field to use as a column.
The link above mentioned that heuristics were not available in Lua then but should work now if you wanted to add inline to the ecat tree.

-- ecatdata.lua
-- https://ask.wireshark.org/question/27207/how-to-display-slice-as-a-filter-in-column/
-- Grab and format fields as needed
-- (Sample capture: https://gitlab.com/wireshark/wireshark/-/issues/11652)

-- Step 1 - document as you go. See header above and set_plugin_info().
local ecatdata_info =
{
    version = "1.0.0",
    author = "Chuck Craft",
    description = "Copy 4 bytes of ecat.data to new field",
}

set_plugin_info(ecatdata_info)

-- Step 2 - create a protocol to attach new fields to
local ecatdata_p = Proto.new("ecatdata","Slice of ecat.data")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = { payload = ProtoField.string("ecatdata.slice", "ecat.data slice") }

ecatdata_p.fields = pf

-- Step 4 - grab existing field(s ...

(more)

Chuckc ( 2022-05-18 04:02:07 +0000 )edit

So the concept here is:

Create a new field based on specific data.
Then use this field as column.

And Step 1 requires some sort of code and for most LUA is the easiest way to add code to wireshark.

hugo.vanderkooij ( 2022-05-18 06:08:23 +0000 )edit

see more comments

How to display slice as a filter in column?

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

How to display slice as a filter in column? edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

How to display slice as a filter in column?