First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

how to display column with doip user data using field name doip.data

I am using Wireshark 3.0.3 and I need to add a column that displays the field "doip.data". I expect to see a sequence of bytes for all of the doip packets however wireshark doesn't display anything in the column. can someone please help?

jmorenog's avatar
3
jmorenog
asked 2019-08-15 14:43:39 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Do you have a capture you can share on a public share, e.g. Google Drive, DropBox etc. ?

grahamb's avatar grahamb (2019-08-15 14:56:32 +0000) edit
more
  • delete

Hi, thanks for your comment:

https://drive.google.com/open?id=1-Yd...

jmorenog's avatar jmorenog (2019-08-15 15:10:27 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

The doip.data field is only populated if the doip dissector cannot locate the UDS (Unified Diagnostic Services) dissector. As the UDS dissector is present and manages to dissect the DoIP messages in your capture, the field is not populated.

Oddly, disabling the UDS dissector still doesn't populate the field, but the data.data field is then available, you could try this if you must see the bytes in a column.

grahamb's avatar
23.8k
grahamb
answered 2019-08-15 15:41:14 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Graham, the data.data field does exactly what I wanted!. Thank you very much

jmorenog's avatar jmorenog (2019-08-15 17:58:57 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer