Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] netflow patch and questions

From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Fri, 11 May 2007 08:29:52 +0200
Committed revision 21746.

>Is there a way to filter on a computed value without adding a field for the
>computed value?  This isn't something I've ever needed to do with Wireshark
>before.

To be able to use the "normal" filters it need to be added with proto..()
It does not have to be visible in the three though it can be added with
proto_..hidden() but this use is discouraged as no one will find the filter
:)
You can also mark an item as generated by using PROTO_ITEM_SET_GENERATED()
 
>Are there any dissectors that allow a list of ports to be specified in the
>prefs. that I could use a model for the netflow prefs.?

See packet-tcap.c for the range field.
Regards
Anders

-----Ursprungligt meddelande-----
Från: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] För Andrew Feren
Skickat: den 10 maj 2007 23:53
Till: wireshark-dev@xxxxxxxxxxxxx
Ämne: [Wireshark-dev] netflow patch and questions

This patch collapses start and end time for each flow to a single duration
item.  The duration item can, of course, be expanded to display the start
and
end time.

This started because I needed to write a filter like the following:
    (cflow.timeend - cflow.timestart) > 1800

Is there a way to filter on a computed value without adding a field for the
computed value?  This isn't something I've ever needed to do with Wireshark
before.

While I was creating this patch I thought of something else I'd like to fix.

It would be nice if the netflow dissector could be configured to dissect
packets sent on a list of ports.  Currently the cflow (aka netflow) prefs.
allow one port # to be changed.  The netflow dissector also defines an IPFIX
port that can't be changed from prefs.  

Are there any dissectors that allow a list of ports to be specified in the
prefs. that I could use a model for the netflow prefs.?

I poked aroud a little, but didn't see anything obvious.

-Andrew

-Andrew Feren
 acferen@xxxxxxxxx