Maybe you mean to use icom.type==1 for heartbeat, or icom.type==2 for
data?
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-
> bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
> Sent: Tuesday, March 31, 2009 2:41 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Filtering
>
>
> On Mar 31, 2009, at 11:32 AM, gogrady@xxxxxxxxx wrote:
>
> > now i want to be able to filter out the two in wireshark, which i
> > thought would be icom.type=1 for heartbeat, or icom.type=2 for data.
> > But that doesnt seem to work. i added a line to see what
> > hf_icom_bnp_type is equal to:
> >
> > proto_tree_add_text(icom_message_tree, tvb, 0, 0, "BNP: %d",
> > hf_icom_bnp_type);
> >
> > and it returns 79353 everytime. Does anyone know what the problem
is?
>
> It's not that hf_icom_bnp_type is 79353 - it's not the value of the
> field, it's the index into a table inside Wireshark of all the fields
> that Wireshark knows about.
>
> Add a line to make sure that
>
> bnp = proto_tree_add_item(icom_tree, hf_icom_bnp_type, tvb,
> offset,
> 1, FALSE); offset += 1;
>
> is being executed *and* that icom_tree is non-null when you're trying
> to filter (I'd suggest printing debugging something to the standard
> error), or use a debugger to do that.
>
_______________________________________________________________________
> ____
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-
> request@xxxxxxxxxxxxx?subject=unsubscribe
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.
