This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have an RPC sub-dissector and I want to highlight certain packets dissected by my subdissector in the traffic summary window (topmost pane of Wireshark GUI). I'm currently calling expert_add_info_format() from my dissector, and this successfully changes the color of the packet in the protocol tree of the detailed view (middle pane of Wireshark GUI), but for some reason it is not propagating this color change up to the same packet in the traffic summary window. Portmap and TCP are successfully highlighting various packets in the traffic summary window, so I know this feature is working in the build I have. I looked through the packet-portmap.c and packet-tcp.c source code for hints, but I can't figure out how they are making this color change. Am I missing something?

asked 27 Aug '11, 19:17

infiniteloop's gravatar image

infiniteloop
26225
accept rate: 0%


The coloring in the packet-list is handled by the "coloring rules" and not by the dissectors directly. If you open the frame details in the middle pane, you can see which coloring rule was responsible for the coloring and which filter was used by the coloring rule.

permanent link

answered 28 Aug '11, 01:23

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×18
×16
×3

question asked: 27 Aug '11, 19:17

question was seen: 2,555 times

last updated: 28 Aug '11, 01:23

p​o​w​e​r​e​d by O​S​Q​A