ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Highlight fields

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Fri, 12 Feb 2016 09:22:39 -0500
I'm not sure this would require changes to the dissectors.

I would /think/ that this could be done similar to how the Expert Info system highlights the (tree) path down to the item to which the expert info is attached.  That is, it could be done in the proto_tree_add*() calls by, for example:
  1. Checking if the field being added was part of the display filter
  2. If so then highlighting the path back to the root of the tree (like the expert info calls do)

I don't know, however, how you could visually distinguish expert info's from the "here is(are) your field(s)" highlights.

On Wed, Feb 10, 2016 at 7:48 AM, Juan Jose Martin Carrascosa <juanjo@xxxxxxx> wrote:
Do you know which would be the approach? I am willing to implement it. Any idea is very much appreciated!

Thanks,
Juanjo

On Wed, Feb 10, 2016 at 1:45 PM, Roland Knall <rknall@xxxxxxxxx> wrote:
Hi

No, currently there is no direct way to do this. And any new way would require a change to the dissectors handling the messages

regards

On Wed, Feb 10, 2016 at 11:44 AM, Juan Jose Martin Carrascosa <juanjo@xxxxxxx> wrote:
Hi all,

Let's say I have several submessages in a packet (RTPS). When I filter, one of them matches so the whole RTPS (UDP datagram) matches and thus, it is shown in the display. However, if the amount of submessages is large (200?), it is quite tedious to find the matching submessage.

Is there any way in Wireshark (GUI or changing source code) to solve my issue? Highlighting the field that makes something match a filter or something like that.

Thanks!
Juanjo Martin

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



--

Juanjo Martin
Applications Engineer
Professional Services Group

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube