I have an RPC sub-dissector and I want to highlight certain packets dissected by my subdissector in the traffic summary window (topmost pane of Wireshark GUI). I'm currently calling expert_add_info_format() from my dissector, and this successfully changes the color of the packet in the protocol tree of the detailed view (middle pane of Wireshark GUI), but for some reason it is not propagating this color change up to the same packet in the traffic summary window. Portmap and TCP are successfully highlighting various packets in the traffic summary window, so I know this feature is working in the build I have. I looked through the packet-portmap.c and packet-tcp.c source code for hints, but I can't figure out how they are making this color change. Am I missing something? asked 27 Aug '11, 19:17 infiniteloop |
One Answer:
The coloring in the packet-list is handled by the "coloring rules" and not by the dissectors directly. If you open the frame details in the middle pane, you can see which coloring rule was responsible for the coloring and which filter was used by the coloring rule. answered 28 Aug '11, 01:23 SYN-bit ♦♦ |