I have 2 dissectors X and Y. If Y is present X calls Y or else it shows it as X. Now everything works fine. I have X and Y displaying on the PROTOCOL column in Wireshark. Now I wanna see only X so I click on protocol button but now everything changes and only Y appears. How do I make the COL_INFO and COL_PROTOCOL values unchangeable? They change every time I click on the "PROTOCOL" or "INFO" button. Thanks in advance.
asked 28 Mar '11, 02:46
When you click on the Protocol or Info column headers, you are only causing Wireshark to sort the packets by whichever column header you selected. You are not filtering out any packets by doing this. If you only want to see packets displayed that are X, but not packets in which X calls Y, then you can use a display filter to do this, such as, "
Now if you don't want Y replacing the contents of either the Protocol or Info columns when X does call Y, then you might want to have a look at some of the column utility functions, like
answered 28 Mar '11, 10:39
Make sure you set the COL_INFO and COL_PROTOCOL columns regardless of whether the "tree" argument to your dissector is null or not.
answered 29 Mar '11, 00:09
Guy Harris ♦♦
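The point in the last answer, as an added example (not code from the original posts or from Wireshark itself): a dissector that sets its columns only inside `if (tree)` produces different Protocol/Info values depending on whether a given pass builds a tree. The types and `col_set_str()` below are minimal stand-ins for the real epan declarations so the block compiles on its own; the `dissect_x_*` names and the "TCP" / "X request" strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins (assumptions) for Wireshark's epan types and col_set_str(),
 * so this compiles without the Wireshark headers. */
enum { COL_PROTOCOL, COL_INFO, NUM_COLS };
typedef struct { const char *col[NUM_COLS]; } column_info;
typedef struct { column_info *cinfo; } packet_info;
typedef struct proto_tree proto_tree; /* opaque: only NULL vs non-NULL matters */

static void col_set_str(column_info *c, int col, const char *s) { c->col[col] = s; }

/* Pattern the answer warns about: columns written only when a tree is built. */
static void dissect_x_tree_only(packet_info *pinfo, proto_tree *tree)
{
    if (tree) {
        col_set_str(pinfo->cinfo, COL_PROTOCOL, "X");
        col_set_str(pinfo->cinfo, COL_INFO, "X request");
        /* proto_tree_add_item(...) calls would go here */
    }
}

/* Pattern the answer recommends: columns first, unconditionally. */
static void dissect_x_always(packet_info *pinfo, proto_tree *tree)
{
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "X");
    col_set_str(pinfo->cinfo, COL_INFO, "X request");
    if (tree) {
        /* proto_tree_add_item(...) calls would go here */
    }
}

typedef void (*dissector_fn)(packet_info *, proto_tree *);

/* Run one dissection pass and return the resulting Protocol column. */
static const char *protocol_after_pass(dissector_fn fn, int build_tree)
{
    static char dummy;                     /* any non-NULL address works as a tree */
    column_info cinfo = { { "TCP", "" } }; /* constructed: left by a lower layer */
    packet_info pinfo = { &cinfo };
    fn(&pinfo, build_tree ? (proto_tree *)&dummy : NULL);
    return cinfo.col[COL_PROTOCOL];
}

int main(void)
{
    printf("tree-only, no tree: %s\n", protocol_after_pass(dissect_x_tree_only, 0));
    printf("always,    no tree: %s\n", protocol_after_pass(dissect_x_always, 0));
    return 0;
}
```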