Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Filtering

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 31 Mar 2009 16:01:44 -0700

On Mar 31, 2009, at 3:53 PM, gogrady@xxxxxxxxx wrote:

I think that answer my question. So it looks like my best bet is to use the hidden field and just go with bad UI eh?

Your *best* bet might be to find a way of dissecting the packet that doesn't involve your DLL, given the problems you've been having trying to use it in Wireshark (probably because it was never designed for use in Wireshark, and so is a bad fit for Wireshark; square pegs fit into round holes only with a lot of hard pounding and perhaps some ugly noises and damage to peg, hole, or both).

Code such as

	time = (_GetMsgTime)();
pi = proto_tree_add_text(icom_message_tree, tvb, 0, 0, "Time: %s", time);

is suboptimal UI even if you completely ignore filtering issues - you can't click on the "Time: %s" line and see what packet data corresponds to it, for example.