I want to add a column with displaying 4 bytes form ethercat data: eacat.data[0:4] For some reason filter "ecat.data[0:4]" is not work. I found that filter "ecat.data[0:4] & 0xff" is works, but only if I use it as a normal filter. I can't set this filter as cloumn.
Does anyone know how I can get this information? (I don't want to use lua)
Previous answers:
need part of data only
display only portion of data field as column
When a Custom column is defined, you get to pick a field and its occurrence.
column.c:
if (col_item->col_fmt == COL_CUSTOM) {
col_item->col_custom_fields = g_strdup(get_column_custom_fields(i));
col_item->col_custom_occurrence = get_column_custom_occurrence(i);
}
It would be pretty easy with a Lua script but yes, that is an extra file to keep up with for future installs or other users.
I couldn't find any enhancement requests asking for this. They are created on the Wireshark Gitlab issues page.
Lua Support in Wireshark
The Lua script would go in your Personal Lua Plugins folder.
Check Help->About Wireshark->Folders for the location.
Here is an example: How can I write a dissector for a part of the LLDP payload in Lua ?
Thanks! I have a problem to make a Lua script: https://osqa-ask.wireshark.org/questi... So I looked for other alternatives.
Here's an example of adding the slice from ecat.data as a new field to use as a column.
The link above mentioned that heuristics were not available in Lua then but should work now if you wanted to add inline to the ecat tree.
-- ecatdata.lua
-- https://ask.wireshark.org/question/27207/how-to-display-slice-as-a-filter-in-column/
-- Grab and format fields as needed
-- (Sample capture: https://gitlab.com/wireshark/wireshark/-/issues/11652)
-- Step 1 - document as you go. See header above and set_plugin_info().
local ecatdata_info =
{
version = "1.0.0",
author = "Chuck Craft",
description = "Copy 4 bytes of ecat.data to new field",
}
set_plugin_info(ecatdata_info)
-- Step 2 - create a protocol to attach new fields to
local ecatdata_p = Proto.new("ecatdata","Slice of ecat.data")
-- Step 3 - add some field(s) to Step 2 protocol
local pf = { payload = ProtoField.string("ecatdata.slice", "ecat.data slice") }
ecatdata_p.fields = pf
-- Step 4 - grab existing field(s ...So the concept here is:
Create a new field based on specific data.
Then use this field as column.
And Step 1 requires some sort of code and for most LUA is the easiest way to add code to wireshark.
Asked: 2022-05-17 17:43:06 +0000
Seen: 352 times
Last updated: May 18 '22
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
