How to read values of type 'Label'

asked 2019-05-23 21:58:23 +0000

adamiaonr

updated 2019-05-23 22:36:29 +0000

I'm experiencing an issue for which I couldn't find an answer in Google.

I'm interested in the values of the field wlan.vht.compressed_beamforming_report.phi ('PHI'), which according to the display field reference guide is of type 'Label' and available in versions 2.4.0 to 3.0.2 (mine is 2.6.9, so I assume that's ok).

To display the values of 'PHI' in a column, I right-click on the value in the packet details pane, and choose the option 'Apply as column'.

However, the value that shows up in the column is a simple 'tick', while the value in the packet details pane is very different (e.g., check this screenshot, with the expected value highlighted in the packet details pane).

My questions are:

  • What exactly is the protocol field type 'Label'?
  • Why isn't the 'correct' value showing up in the column after I do 'Apply as column'?
  • I've checked that if I right-click on the value in the packet details pane and choose 'Copy' > 'Description', the pasted value is the expected one. Is it possible to make the 'Description' appear in the column instead?

Wireshark version: Version 2.6.9 (v2.6.9-0-gf1627e90)

OS: Mac OS X 10.11.5

answered 2019-05-30 17:30:28 +0000

Guy Harris

The answer to the remaining question is "you can't". The 802.11 dissector does not provide the quantized angle values as named, typed fields; Copy > Description just copies the raw text, and the column mechanism doesn't currently support that.

Thanks, that's what I thought!

I ended up exporting the raw hex string of the 'vht compressed beamforming report' as a column, and then parsed it myself using a Python script.

In order to understand how the parsing was done, I've analyzed the Wireshark source code and looked into the IEEE 802.11ac specification.

adamiaonr ( 2019-05-31 11:45:44 +0000 )

answered 2019-05-24 01:35:27 +0000


Guy Harris already answered a similar question and does a better job than I can.



Thank you for the pointer! However, that answer doesn't answer the remaining questions, more specifically how to display the value that one sees in packet details in a column.

adamiaonr ( 2019-05-24 08:56:37 +0000 )

