How to display slice as a filter in column?

asked 2022-05-17

Ayelet gravatar image

I want to add a column with displaying 4 bytes form ethercat data:[0:4] For some reason filter "[0:4]" is not work. I found that filter "[0:4] & 0xff" is works, but only if I use it as a normal filter. I can't set this filter as cloumn.

Does anyone know how I can get this information? (I don't want to use lua)

answered 2022-05-17

Chuckc gravatar image

updated 2022-05-18

cmaynard gravatar image

Previous answers:
need part of data only
display only portion of data field as column

When a Custom column is defined, you get to pick a field and its occurrence.

    if (col_item->col_fmt == COL_CUSTOM) {
      col_item->col_custom_fields = g_strdup(get_column_custom_fields(i));
      col_item->col_custom_occurrence = get_column_custom_occurrence(i);

It would be pretty easy with a Lua script but yes, that is an extra file to keep up with for future installs or other users.

I couldn't find any enhancement requests asking for this. They are created on the Wireshark Gitlab issues page.

edit flag offensive delete link more


So to add it I must run it with the source code?

Ayelet ( 2022-05-17 )

Lua Support in Wireshark
The Lua script would go in your Personal Lua Plugins folder.
Check Help->About Wireshark->Folders for the location.
Here is an example: How can I write a dissector for a part of the LLDP payload in Lua ?

Chuckc ( 2022-05-17 )

Thanks! I have a problem to make a Lua script: So I looked for other alternatives.

Ayelet ( 2022-05-18 )

Here's an example of adding the slice from as a new field to use as a column.
The link above mentioned that heuristics were not available in Lua then but should work now if you wanted to add inline to the ecat tree.

-- ecatdata.lua
-- Grab and format fields as needed
-- (Sample capture:

-- Step 1 - document as you go. See header above and set_plugin_info().
local ecatdata_info =
    version = "1.0.0",
    author = "Chuck Craft",
    description = "Copy 4 bytes of to new field",


-- Step 2 - create a protocol to attach new fields to
local ecatdata_p ="ecatdata","Slice of")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = { payload = ProtoField.string("ecatdata.slice", " slice") }

ecatdata_p.fields = pf

-- Step 4 - grab existing field(s ...
Chuckc ( 2022-05-18 )

So the concept here is:

  1. Create a new field based on specific data.

  2. Then use this field as column.

And Step 1 requires some sort of code and for most LUA is the easiest way to add code to wireshark.

hugo.vanderkooij ( 2022-05-18 )

Asked: 2022-05-17 17:43:06 +0000

