This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can Wireshark show a “Locked View” with message values changing?

0

Hi there,

I'm looking to do some analyses of my car with Wireshark in live capture mode. However, I find it difficult to analyse the data live, even when using filters.

I was wondering if it would be possible to "lock the view" in wireshark so that I e.g. specify 10 message IDs that I want to "stay in place" on my screen, while allowing the values of these IDs to change? I.e. one message ID could relate to vehicle speed and it would constantly be the top message in the interface - but the value would change as the speed changes.

Does this already exist? If not, is it possible to code this up?

Thank you, Martin

asked 10 May '17, 14:20

mfcss's gravatar image

mfcss
217710
accept rate: 0%


One Answer:

1

Does this already exist?

No.

If not, is it possible to code this up?

It would probably be extremely difficult to make the packet list work that way.

However, it would probably be not too hard to write a tap for your protocol that could be given a list of message IDs and displays the values corresponding to those message IDs, updating them as new packets arrive.

See this page on writing taps in Lua and the README.tapping document. At least for writing a tap in C++, you'll probably need to read the Qt documentation as well.

answered 10 May '17, 21:57

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%