I can create a display filter to display frames with more than one expert info:
count(_ws.expert.message)>4
Would be nice to be able to add a column count(_ws.expert.message) to sort on and have available when analyzing.
There doesn't seem to be a length field for tcp.options so a column len(tcp.options) would be nice.
TCP options aren't broken down into occurrences so something like count(tcp.option_len) (doesn't count NOPs) to compare different TCP handshakes.
Don't have a use case for upper, lower or string but include for completeness? Each use would be standalone - not dependent on other packets or fields - so maybe just an extension of the column definition language?
https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
6.4.6. Functions
The display filter language has a number of functions to convert fields, see Table 6.7, “Display Filter Functions”.
Table 6.7. Display Filter Functions
Function Description
upper Converts a string field to uppercase.
lower Converts a string field to lowercase.
len Returns the byte length of a string or bytes field.
count Returns the number of field occurrences in a frame.
string Converts a non-string field to a string.
