Wireshark-dev: Re: [Wireshark-dev] Query on Field Registration

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 3 Jul 2008 15:00:00 -0700

On Jul 3, 2008, at 2:43 PM, Kumar, Hemant wrote:

What I want to know is that whether such a tree like structure which appears in the details pane is possible in the Filter Expression Dialog Box? And I don't want to register fields like tcp.flags.syn rather register them individually i.e. register flags separately, syn separately and let the wireshark make the filter expression depending upon the selection in the Filter expression dialog box.

That's not possible, and there's no workaround. You have to give fields their full name. If you have several message types with a "flags" field, *and* that "flags" field is the same in all those message types, you could register a "proto.flags" field, and "proto.flags.XXX" fields for the flags in the "flags" field.

As per my earlier mail, displaying the field list as a multi-level tree could be done without that.