ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online

Wireshark-dev: Re: [Wireshark-dev] Dissecting multiple protocol headers in a single plugin

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 04 Apr 2007 09:38:01 -0700
Charles Lepple wrote:

I don't know when it's NULL while the GUI is up, but I gather the
intent was for cases like when tshark is displaying only the one-line
summary, and not the full tree.

The intent is for all cases where a protocol tree isn't needed.

This includes:

	1) tshark, when it's displaying the one-line summary;

2) Wireshark, when it's reading in the capture file and building the packet summary display, and there are no color filters (which require a protocol tree, to check display filter expressions) or tap listeners (which get passed a protocol tree), and there's no read filter (which also requires a protocol tree);

and there might be some other cases.