Yes, this is exactly what I was looking for. Thanks!
I had forgotten I could use tshark to output the trace in pdml and then
look for the field names.
Thanks again, -Nathan
On 7/25/2008 7:00 AM, Abhik Sarkar wrote:
Hi Nathan,
Would using the tcp.analysis.lost_segment and other display filters
from the tcp.analysis family not meet your requirement? Or do you
specifically want to have display filters on expert analysis items for
a broader scope?
Regards,
Abhik.
On Fri, Jul 25, 2008 at 7:12 AM, Nathan Jennings <njen@xxxxxxxxxxxx> wrote:
Hello,
Is there a way to use the display filter syntax to filter packets based
on the expert/tcp analysis output (strings)?
What I'd like to do is construct a display filter that matches an
expert/tcp analysis string like "TCP segment lost", or something
similar. I could then use this filter in the IO Graph window to
show/highlight the affected packets in the line graph.
I looked at the wishlist on the Wiki but didn't see anything.
Any ideas on how difficult this might be to implement? Maybe point me to
where I might get started?
Thanks, -Nathan
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev
