Wireshark · Wireshark-dev: [Wireshark-dev] What severity should be shown for multiple expert infos in a packet ?

Wireshark-dev: [Wireshark-dev] What severity should be shown for multiple expert infos in a pac

From: Michael Lum <michael.lum@xxxxxxxxxxxxxxxxx>

Date: Mon, 17 Sep 2012 18:04:29 -0700

I searched and couldn't find anything on multiple expert infos.

What severity level is supposed to be shown in the 'expert' column
when there is more than one expert info in a packet?

This

An optional "Expert Info Severity" packet list column is available (since SVN 22387 → 0.99.7), that displays the most significant severity of a packet, or stays empty if everything seems ok.

at the bottom of section 7.3.4 "Expert" Packet List Column (optional) http://www.wireshark.org/docs/wsug_html_chunked/ChAdvExpert.html

seems to imply an ERROR would be shown instead of WARN.

For example in one packet I have:

there was a UDP ERROR severity expert info for a bogus payload length

there was also a WARN severity expert info for a protocol dissected in
the UDP payload.

The 'expert' column displayed WARN.

It seems like a bug.

Michael Lum (michael.lum@xxxxxxxxxxxxxxxxx) | STAR SOLUTIONS | Principal Software Engineer

4600 Jacombs Road, Richmond BC, Canada V6V 3B1 | +1.604.303.2315

Follow-Ups:
- Re: [Wireshark-dev] What severity should be shown for multiple expert infos in a packet ?
  - From: Guy Harris

Prev by Date: Re: [Wireshark-dev] Disabling a dissector doesn't seem to quite work.
Next by Date: Re: [Wireshark-dev] What severity should be shown for multiple expert infos in a packet ?
Previous by thread: Re: [Wireshark-dev] Reordering capture files
Next by thread: Re: [Wireshark-dev] What severity should be shown for multiple expert infos in a packet ?
Index(es):
- Date
- Thread