
other .time fields (like dns.time, http.time)


Hi, I'm brand new to Wireshark and I spotted a feature where you can add your own columns to the Packet List.

I'm interested to have a single column that displays things like dns.time, http.time and any other ".time" fields that there are.

  1. Where can I find the different protocols that take ".time" at the end of them? I searched on wiki.wireshark.org but I didn't find anything. I want to set this up once and have it work for all the different protocols that I might encounter.
  2. I imagine this can get pretty messy, so can I name all of the items in the "Fields" field as for example "George" and then edit George to keep things neat?

Sorry if I broke any rules before posting, I rarely read those. Thanks for your time and wash your hands.

aneom
asked 2020-04-05 13:54:31 +0000


1 Answer


No guarantee this will find all of them:

https://code.wireshark.org/review/gitweb?p=wireshark.git&a=search&h=HEAD&st=grep&s=.time%22


The grep is for .time"

You can display multiple fields in the Fields: for a column:

dns.time or http.time
Chuckc
answered 2020-04-05 14:12:02 +0000

Comments

I forgot to attach a screenshot. I'm already using the dns.time || http.time format; I was just looking for a way to have just one word written in the "Fields" field, like a global variable or a list or something. Thanks a lot for your answer, have a good day!

EDIT: it appears that I cannot add a screenshot because I don't have 60 points yet. Whatever

aneom (2020-04-05 14:15:40 +0000)

You could store it in a Display Filter Macro but would have to copy the macro definition to the column Fields: when it changes.

"time_fields","dns.time or http.time"


If it's something that you think would be used often, file an enhancement request.

Chuckc (2020-04-05 14:39:22 +0000)

I got everything I need now, thank you!

aneom (2020-04-05 15:08:20 +0000)
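
An added example, not part of the thread above: instead of grepping the source tree, the installed field list from `tshark -G fields` can be filtered to build the "dns.time or http.time" style expression for the column's Fields: box. The function names and the sample dump are constructed for illustration, and limiting the match to FT_RELATIVE_TIME fields is an assumption added here so that absolute timestamps such as frame.time do not end up in the same column.

```shell
#!/bin/sh
# `tshark -G fields` prints one tab-separated record per line.
# Field records look like:
#   F <descriptive name> <abbreviation> <type> <parent protocol> ...
# Protocol records start with "P" and are skipped.

# time_fields_expr (hypothetical helper): read the field dump on stdin,
# keep abbreviations that end in ".time" and are relative-time fields,
# and join them with " or " for pasting into a column's Fields: box.
time_fields_expr() {
    awk -F '\t' '
        $1 == "F" && $3 ~ /\.time$/ && $4 == "FT_RELATIVE_TIME" { print $3 }
    ' | sort -u | paste -s -d '|' - | sed 's/|/ or /g'
}

# Constructed sample of the dump (not captured tshark output), so the
# example runs without Wireshark installed.
sample_fields() {
    printf 'P\tDomain Name System\tdns\n'
    printf 'F\tTime\tdns.time\tFT_RELATIVE_TIME\tdns\t\t0x0\tresponse time\n'
    printf 'F\tName\tdns.qry.name\tFT_STRING\tdns\t\t0x0\tquery name\n'
    printf 'F\tTime since request\thttp.time\tFT_RELATIVE_TIME\thttp\t\t0x0\t\n'
    # Ends in ".time" but is an absolute timestamp: excluded by the type test.
    printf 'F\tArrival Time\tframe.time\tFT_ABSOLUTE_TIME\tframe\t\t0x0\t\n'
    # Relative time, but the name does not end in ".time": excluded.
    printf 'F\tTime delta\tframe.time_delta\tFT_RELATIVE_TIME\tframe\t\t0x0\t\n'
}

sample_fields | time_fields_expr

# Against a real installation:
#   tshark -G fields | time_fields_expr
```

The resulting expression can be pasted into the column's Fields: box or stored as the body of the time_fields macro mentioned in the comments; it has to be regenerated after a Wireshark upgrade adds or removes fields.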