This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

proto_tree_add_item new line

0

The proto_tree_add_item displays each filter in a newline in the CLI. Is there a way to display the filters in the same line.

Ex.

    proto_tree_add_uint(tree, hf_s1, tvb, 0, 1, s1);    
    proto_tree_add_uint(tree, hf_s2, tvb, 0, 1, s2);

I want them to be s1 and s2 to be displayed in the same line as

    s1 : 12,  s2 : 13

rather than

   s1 : 12
   s2 : 13

asked 28 Sep '15, 04:03

samprit's gravatar image

samprit
6467
accept rate: 0%

edited 30 Sep '15, 03:01


2 Answers:

0

Not for a filter (I think you actually mean an hf item). The text for each entry can be built from multiple packets in the frame, or synthesise out of thin air if you wish though.

answered 28 Sep '15, 07:38

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Yes, I meant an hf item. How to display different hf items in the same line in CLI.

(28 Sep '15, 07:46) samprit

0

The only way to display multiple fields on the same line is to use the -T fields option to TShark, for example

tshark -r inputfile -T fields -e ip.src -e ip.dst -e ip.ttl

which will show the IPv4 source address, destination address, and TTL on the same line. If any of those fields are missing, it will show a blank, so, for example, non-IPv4 packets will show a blank line.

answered 28 Sep '15, 14:32

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%