Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] display filter for expert/tcp analysis info

From: Nathan Jennings <njen@xxxxxxxxxxxx>
Date: Fri, 25 Jul 2008 20:20:32 -0400
Yes, this is exactly what I was looking for. Thanks!

I had forgotten I could use tshark to output the trace in pdml and then look for the field names.

Thanks again, -Nathan


On 7/25/2008 7:00 AM, Abhik Sarkar wrote:
Hi Nathan,

Would using the tcp.analysis.lost_segment and other display filters
from the tcp.analysis family not meet your requirement? Or do you
specifically want to have display filters on expert analysis items for
a broader scope?

Regards,
Abhik.

On Fri, Jul 25, 2008 at 7:12 AM, Nathan Jennings <njen@xxxxxxxxxxxx> wrote:
Hello,

Is there a way to use the display filter syntax to filter packets based
on the expert/tcp analysis output (strings)?

What I'd like to do is construct a display filter that matches an
expert/tcp analysis string like "TCP segment lost", or something
similar. I could then use this filter in the IO Graph window to
show/highlight the affected packets in the line graph.

I looked at the wishlist on the Wiki but didn't see anything.

Any ideas on how difficult this might be to implement? Maybe point me to
where I might get started?

Thanks, -Nathan

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev