Wireshark · Ethereal-dev: Re: [Ethereal-dev] How to get a list of all vars avail from dissector.

["Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>]

----- Original Message -----
From: "Jaime Fournier"
Subject: [Ethereal-dev] How to get a list of all vars avail from dissector.


> In one of my dissectors I would like to spit out a few
> things to STDERR when a specific value is found within
> the dissector.
> I looked over the packet_info stucture for pinfo, and
> was wondering if there was a complete list of things
> like src addr, dst, etc, that I could review for their
> possible inclusion within what ever I spit out to
> STDERR, or file.
>

To find out what fields are available, look at the Makefile used to build
[t]ethereal,
i think that after it has built the executables, as part of the process to
build the man pages, it will call [t]
ethereal with a magic flag to output all display filter fields known to
[t]ethereal.

This should be a complete list of all fields known to [t]ethereal.

You can output any of these fields using tethereal (not yet ethereal) to
COL_INFO
using    -z proto,colinfo,<filter>,<field>

where the field <field> and its value will be put in the COL_INFO line for
all
packets matching the filter <filter>.
Note that in order for the extension to be able to extract the <field>
values, <field> MUST
also be part of the <filter> string.

examples
-z proto,colinfo,nfs.fh.hash,nfs.fh.hash

-z "proto,colinfo,nfs and rpc.time,rpc.time"