Wireshark-users: Re: [Wireshark-users] Betr: custom columns?

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 12 Aug 2008 16:01:48 -0700

On Aug 12, 2008, at 2:37 PM, Marlon Duksa wrote:

Luis - how would this work in this packet:

No.     Time        Source                Destination           mpls1
  15256 30.489742   11.0.0.4              5.5.5.5               800012

Frame 15256 (120 bytes on wire, 120 bytes captured)

Ethernet II, Src: TimetraN_0d:45:6c (00:03:fa:0d:45:6c), Dst: LinksysG_80:7e:ba (00:04:5a:80:7e:ba) Internet Protocol, Src: 100.100.100.100 (100.100.100.100), Dst: 7.7.7.7 (7.7.7.7)

Generic Routing Encapsulation (MPLS label switched packet)

MultiProtocol Label Switching Header, Label: 2051, Exp: 0, S: 1, TTL: 255 Ethernet II, Src: JuniperN_9b:85:fe (00:12:1e:9b:85:fe), Dst: JuniperN_9b:89:f9 (00:12:1e:9b:89:f9) MultiProtocol Label Switching Header, Label: 800012, Exp: 0, S: 1, TTL: 255 Ethernet II, Src: Xerox_00:00:03 (00:00:07:00:00:03), Dst: Xerox_00:00:03 (00:00:03:00:00:03)

Internet Protocol, Src: 11.0.0.4 (11.0.0.4), Dst: 5.5.5.5 (5.5.5.5)
Data (26 bytes)

Let say I want custom columns for the three fields in red.

Note:

Not everybody is using a mail reader that does HTML or otherwise enriched mail; I happen to be using one, but, heck, there's one engineer at Apple who uses Mutt to read his mail....

Also, there might well be somebody on the list who's fully color-blind.

The fields in question are:

	the label in the first MPLS encapsulation;

the Ethernet source in the Ethernet header inside the first MPLS encapsulation;

	the label in the MPLS encapsulation inside said Ethernet header.

Using Luis' notation, those would presumably be:

	mpls.label/gre/ip/eth

	eth.src/mpls/gre/ip/eth

	mpls.label/eth/mpls/gre/ip/eth