Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-dev: Re: [Wireshark-dev] Trying to add computed value

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Hal Lander" <hal_lander@xxxxxxxxxxx>
Date: Sat, 02 Dec 2006 09:03:13 -0900

Thanks for the solution, I had the same problem.

Its probably a good idea to also put;
item=proto_tree_add_uint(my_tree, hf_my_item, tvb, offset, length, my_item_value); 
PROTO_ITEM_SET_GENERATED(item);
That way Wireshark puts square brackets round the field to show it is calculated. If you select the field in the middle pane Wireshark will highlight in the lower pane the tvb contents defined by 'offset' and 'length' to show what raw data was used for the calculation. 

Hal


From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Reply-To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> 
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Trying to add computed value
Date: Mon, 27 Nov 2006 13:25:13 +0100 (CET)

Hi,

Did you use something like this:

my_item_value = 2 * tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(my_tree, hf_my_item, tvb, offset, 2, my_item_value);

Thanx,
Jaap

On Mon, 27 Nov 2006 Andrew.Martin@xxxxxxxxxxxxxxxxxxxxxx wrote:

> Hiya
>
> I'm tring to get a calculated value to be displayed instead of the value
> pulled out of the packet. However all I get is the value in the packet.
> Can somebody tell an idiot what I need to do please!
>
> Cheers
>
>

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev


_________________________________________________________________
Get the latest Windows Live Messenger 8.1 Beta version. Join now. http://ideas.live.com
  • Prev by Date: [Wireshark-dev] Capturing data from Visual Studio .NET 2005
  • Next by Date: Re: [Wireshark-dev] Should I create virtual fields for use in display filters
  • Previous by thread: Re: [Wireshark-dev] Capturing data from Visual Studio .NET 2005
  • Next by thread: Re: [Wireshark-dev] Should I create virtual fields for use in display filters
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation