This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Feature Request: Being able to add a Column which is a calculated field

0

I often need to analyze FIX messages and doing this I could really need a way to be able to create a "calculated field".

e.g. - I have a trace containing FIX stream - I have the OS timestamp when we received the message - I have the FIX time stamp inside the message in SendingTime (Tag52)

To be able to analyze this closer it would be VERY beneficial if it was possible to create a "Calculated Column" and report on that.

It should be able to specify which original columns to use - e.g. Column name FIXDelay = Tag52-OSTime. This would give a quick picture of the delays caused in the FIX stream. Of cause a way to create a graph for this would also be GREAT!

Regards Ib Tornøe

asked 21 Sep '12, 02:31

ITO's gravatar image

ITO
-1222
accept rate: 0%

Interesting idea. I think for now, you would have to use a script to do this offline. You can also checkout commercial analyzers that can decode FIX for you (if you have the right version of FIX as the analyzer). On the right side of this site is the Riverbed/Pilot ad. See if that will be able to help you as it has FIX support.

(21 Sep '12, 14:11) hansangb

Hi hansangb I do have Pilot and that does not have this capability - I have filed a request for new feature. Regarding Wireshark – my idea was to have a common way of adding a column that could contain custom values created out of a formula, where it was possible to do calculations on optional fields in FIX but also in any protocol. Also to be able to use this same formula to draw a graph this would be great. If should send this a new feature request for Wireshark for this feature – where is the right place to do this?

(21 Sep '12, 23:15) ITO

ITO, Scripting is the only way (since FIX views don't support what you need). These types of scripting support is what we (Riverbed) are working on.

(23 Sep '12, 17:17) hansangb

Hi Hansang Bae. I know you are working on this - I have filed the request for this support myself - with this support we can do the same in Pilot as in Corvil. But I would also like to file a request for extension of the functionality natively in Wireshark - where is the preferred place to do that? -Ib Tornøe

(23 Sep '12, 22:29) ITO

The designated place to file feature requests for Wireshark is to file an enhancement request at https://bugs.wireshark.org.

(24 Sep '12, 02:17) SYN-bit ♦♦

One Answer:

0

That's why there is Lua support in Wireshark :-)

answered 21 Sep '12, 03:19

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Thanks ;-)

(21 Sep '12, 05:19) ITO