Hello,
Try "icom.message eq 6" instead of "icom.message==6" or "icom.message=6".
You would be able to filter your messages.
Regards
Philippe
> Date: Tue, 31 Mar 2009 18:56:08 +0000
> From: gogrady@xxxxxxxxx
> To: wireshark-dev@xxxxxxxxxxxxx
> CC: Christopher.Maynard@xxxxxxxxx
> Subject: Re: [Wireshark-dev] Filtering
>
> hello,
>
> Sorry to bother again, but i did have another question. If i use proto_tree_add_text( ); for all my other branches, but still want to be able to filter them, is there a way i can make a variable like hf_icom_message, and set it to a value in dissect_icom() to be able to filter it? For example, make:
>
> { &hf_icom_message,
> {"Message", "icom.message",
> FT_UINT16, BASE_DEC,
> NULL, 0x0,
> NULL, HFILL }
> }
>
> and have somewhere hf_icom_message = 6; in dissect_icom()
>
> and not use it for outputting anything, but just so i would be able to filter in wireshark with something like icom.message==6?
>
> Thanks,
>
> Greg
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Découvrez toutes les possibilités de communication avec vos proches
|
