Hi there, I'm looking to do some analyses of my car with Wireshark in live capture mode. However, I find it difficult to analyse the data live, even when using filters. I was wondering if it would be possible to "lock the view" in wireshark so that I e.g. specify 10 message IDs that I want to "stay in place" on my screen, while allowing the values of these IDs to change? I.e. one message ID could relate to vehicle speed and it would constantly be the top message in the interface - but the value would change as the speed changes. Does this already exist? If not, is it possible to code this up? Thank you, Martin asked 10 May '17, 14:20  mfcss |
One Answer:
No.
It would probably be extremely difficult to make the packet list work that way. However, it would probably be not too hard to write a tap for your protocol that could be given a list of message IDs and displays the values corresponding to those message IDs, updating them as new packets arrive. See this page on writing taps in Lua and the README.tapping document. At least for writing a tap in C++, you'll probably need to read the Qt documentation as well. answered 10 May '17, 21:57  Guy Harris ♦♦ |
