This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I query the ‘info’ field?

0

How do I query the 'info' field?

The following: info contains "mysql" produces error that it's not a field or protocol name. But 'info' is a field. It's the last field in the display on the right. I've tried uppercase and lowercase.

asked 03 Jun '16, 07:19

jtl's gravatar image

jtl
11113
accept rate: 0%

One Answer:

1

'info' is a column, therefore not a field. The term field is restricted to dissected parts of the frame, or generated thereof. Columns can be filled based on these fields, or from other sources. Therefore you cannot use a display filter on the info column.

answered 03 Jun '16, 07:49

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

On the other hand, the Info column can be queried using tshark and some external tools such as findstr or grep. As an example, see my answer to this question.

(03 Jun '16, 18:00) cmaynard ♦♦