This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Search In: Packet list not working on a particular interface.

0

In Wireshark 1.8.5, for the wimax-btsCapc interface, searching for a packet through Packet list doesn't show any output. But searching for the same through the 'Packet Details' option works. Where could be the probable defect?

asked 25 Sep '13, 01:08

sunshine


2 Answers:

0

Not all packet details are available in the packet list (there is only a summary line), so a "string" search will not find the same packets.

answered 30 Sep '13, 15:19

SYN-bit ♦♦

What can be done to include all the packets for string search through List?

(01 Oct '13, 03:15) sunshine

I'm not sure I understand your question. Do you want to display all packets that contain a certain string? You could use the display filter "frame contains <string>" for that.

(01 Oct '13, 03:31) SYN-bit ♦♦

"Issue is with the custom-dissector"

If you have written your dissector to generate (named) fields, then you can filter on those fields.

What is the data you want to filter on and how did you add the data to the "tree" in your dissector?

(01 Oct '13, 04:19) SYN-bit ♦♦

I want to do a search based on the content of "Info", the last column in the top-most display pane. Search on the basis of packet-list returns null, while on the basis of packet details does point at the corresponding packet. Why is it so?

(01 Oct '13, 04:34) sunshine

Searching in the packet-list works for me (version 1.10.0 and 1.8.7). Do you want to search in the packet list (find the next listed packet that matches the search criteria) or do you want to filter the packet list (limit the list of packets to only those that match your search criteria)?

In case of filtering, the "info" column is a constructed column for which there is no filterable field. In general, all the info in the "info" column is also available in specific protocol fields.

Can you post an image of the packet-list and packet details of your custom dissector and indicate what you would like to search on?

(01 Oct '13, 04:48) SYN-bit ♦♦

0

"Where could be the probable defect?"

There is no defect in Wireshark. You can simply search in different views:

  • Packet list (only the overview of packets with some information about the content)
  • Packet details (information about dissected fields)
  • Packet bytes (the raw packet bytes)

The results of a search operation are obviously different.

What are you trying to find?

Regards
Kurt

answered 01 Oct '13, 03:32

Kurt Knochner ♦

edited 01 Oct '13, 03:48

The issue is with the custom dissector I developed. What I want to do is perform a search with Packet list, which in my case is returning null.

(01 Oct '13, 04:00) sunshine

"Search on the basis of packet-list returns null, while on the basis of packet details does point at the corresponding packet. Why is it so?"

Do you see the search string in the packet list columns (especially the info column)?

Can you post a screenshot and highlight the search string in the packet list, or post a capture file (probably useless without the dissector)?

(01 Oct '13, 05:23) Kurt Knochner ♦

Yes, I can see the string in Info column. Unable to upload screenshot due to policies at workplace.

(02 Oct '13, 22:21) sunshine