This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Customizable Expert Window

0

Considering some traffic is more important to some than others. Is the expert window customizable to capture errors that we see as more serious than others that are predefined?

asked 15 Jun '14, 13:39

ciscokid1701d's gravatar image

ciscokid1701d
11112
accept rate: 0%


One Answer:

0

Is the expert window customizable

No. What is added to the expert info, is hard coded into the dissectors. If you want to change that behavior, you'll have to change the code of each and every dissector that adds expert info. Alternatively you could modify the 'expert' functions that are called by the dissectors and implement some kind of filtering system that is configurable through the GUI. In either case, you'll have to change the source code.

A totally different alternative is to ignore the expert info window and to build your own coloring rules, based on the content of the expert fields

  • expert.message
  • expert.group
  • expert.severity

See also my answer to a similar question

http://ask.wireshark.org/questions/33842/modifying-the-expert

Regards
Kurt

answered 15 Jun '14, 13:47

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 15 Jun '14, 14:55

there is one dissector (I could find) that has some configurable preferences. packet-ncp.c. For the rest, my answer above still applies.

packet-ncp.c checks the following preferences.

# Whether the NCP dissector should echo the NDS Entry ID to name resolves to the expert table.
#ncp.eid_2_expert: TRUE
# Whether the NCP dissector should echo NCP connection information to the expert table.
#ncp.connection_2_expert: FALSE
# Whether the NCP dissector should echo protocol errors to the expert table.
#ncp.error_2_expert: TRUE
# Whether the NCP dissector should echo server information to the expert table.
#ncp.server_2_expert: TRUE
# Whether the NCP dissector should echo file open/close/oplock information to the expert table.
#ncp.file_2_expert: FALSE
(15 Jun '14, 14:52) Kurt Knochner ♦