Hi Matt,
putting all keywords in one item should work for you. You could use a display filter like
yourProtocol.yourFieldname contains "keyword_to_search_for"
That should find all packets with the desired keyword.
BTW, using "matches" (instead of contains) enables you to use regular expressions.
cheers
Mike
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Teto
Sent: Donnerstag, 27. Oktober 2011 11:54
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Is it still ok to create hidden items ?
Hi,
Just had a question about what's the best practice. I have a packet with a field contianing several keywords. I intend to split those keywords so that one can filter display based upon a keyword.
My problem is am compelled to display each keyword separately (one itemp per kewyord and group them in a subtree) or could I display all of them in one item in the main tree (my preference) and then create several hidden fields (one per keyword). I wonder if that last solution is good since I read in proto.h :
/* HIDING PROTOCOL FIELDS IS DEPRECATED, IT'S CONSIDERED TO BE BAD GUI DESIGN! */
What would you advise me ?
Matt
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
