
Wireshark-dev: Re: [Wireshark-dev] Is it still ok to create hidden items ?

From: "Speck Michael EHWG AVL/GAE" <Michael.Speck@xxxxxxx>
Date: Thu, 27 Oct 2011 13:31:05 +0200
Hi Matt,


Putting all keywords in one item should work for you. You could use a display filter like

    yourProtocol.yourFieldname contains "keyword_to_search_for"


That should find all packets with the desired keyword.

BTW, using "matches" (instead of contains) enables you to use regular expressions.


cheers
Mike





-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Teto
Sent: Thursday, 27 October 2011 11:54
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Is it still ok to create hidden items ?

Hi,

Just had a question about what's the best practice. I have a packet with a field containing several keywords. I intend to split those keywords so that one can filter the display based upon a keyword.
My problem is: am I compelled to display each keyword separately (one item per keyword and group them in a subtree), or could I display all of them in one item in the main tree (my preference) and then create several hidden fields (one per keyword)? I wonder if that last solution is good since I read in proto.h:
/* HIDING PROTOCOL FIELDS IS DEPRECATED, IT'S CONSIDERED TO BE BAD GUI DESIGN! */

What would you advise me?

Matt
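
The single-item approach suggested in the reply, sketched as a Wireshark Lua dissector. This is an added example, not code from the thread or from the Wireshark project; the protocol name `kwdemo`, the field name `kwdemo.keywords`, UDP port 9999 and the comma-separated payload layout are all assumptions made for illustration.

```lua
-- Added example (not from the thread). Hypothetical protocol "kwdemo" on an
-- assumed UDP port 9999 whose payload is a comma-separated keyword list,
-- e.g. "alpha,beta,alphabet".
local kwdemo = Proto("kwdemo", "Keyword Demo Protocol")

-- One visible string field that holds the whole keyword list.
-- No hidden per-keyword fields are registered.
local f_keywords = ProtoField.string("kwdemo.keywords", "Keywords")
kwdemo.fields = { f_keywords }

function kwdemo.dissector(tvb, pinfo, tree)
    -- Nothing to dissect in an empty payload.
    if tvb:len() == 0 then
        return 0
    end

    pinfo.cols.protocol = "KWDEMO"

    -- Protocol subtree covering the whole payload.
    local subtree = tree:add(kwdemo, tvb())

    -- Add the full keyword list as a single item in the tree.
    subtree:add(f_keywords, tvb())

    return tvb:len()
end

-- Attach the dissector to the assumed port.
DissectorTable.get("udp.port"):add(9999, kwdemo)

-- Display filters that work against the single field:
--
--   kwdemo.keywords contains "alpha"
--       substring match: also hits a packet whose only keyword is "alphabet"
--
--   kwdemo.keywords matches "(^|,)alpha(,|$)"
--       regular expression anchored on the separators: hits only the
--       exact keyword "alpha"
```

Load it with `wireshark -X lua_script:kwdemo.lua`. Because `contains` is a substring test, the anchored `matches` form is the one to use when one keyword can be a prefix of another.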