How to create a custom colum for either TCP or UDP port?

asked 2018-05-18 13:00:40 +0000

keli
3 ●1 ●2 ●3

updated 2018-05-18 13:06:20 +0000

I can add of course a custom column for either tcp.srcport or udp.srcport (and their dstport equivalents) but

is there a way to display the src/dst port information in the same custom column regardless of the Layer3 protocol used ? Since one packet will never be both TCP and UDP at the same time.

I randomly tried a few variations that I thought might make sense, but no lock. Is there any syntax (besides specific field data) to custom column? The custom editor says "Fields" in plural, but I cannot seem to be able to add more than one.

edit retag flag offensive close merge delete

add a comment

2 Answers

Sort by » oldest newest most voted

answered 2018-05-18 13:18:27 +0000

Pascal Quantin
5831 ●63 ●65

Hi,

In Fields simply put tcp.srcport || udp.srcport for the source port, or tcp.dstport || udp.dstport for the destination port.

edit flag offensive delete link

Comments

Well, thank you both, sorry I cannot choose both as a valid answer :) I've tried each and of course got it to work with either answer.

I've marked Pascal's one as the accepted answer since it explains the format of the custom field, thus it's useful in other scenarios as well. I wasn't aware of the built-in column type apparently (although I recalled having this ages ago).

keli ( 2018-05-18 14:52:57 +0000 )edit

add a comment