Wireshark · Wireshark-dev: [Wireshark-dev] Mentioning encapsulation type in Protocol column

Wireshark-dev: [Wireshark-dev] Mentioning encapsulation type in Protocol column

From: Lori Jakab <ljakab@xxxxxxxxxx>

Date: Tue, 13 Mar 2012 16:38:28 +0100

Hi,

AFAIK, currently the protocol displayed in the Protocol column of
Wireshark is that of the last dissector called on the packet. This makes
it difficult to distinguish among packets with or without some type of
encapsulation, unless filtering is employed. That is, a "regular" ICMP
packet and a GRE encapsulated ICMP packet are both simply listed as ICMP.

It would be a great feature to be able to see at a glance, when
monitoring all traffic (especially with tshark), which packets are GRE
or LISP (or any other encapsulating header) encapsulated. So, with the
example above, instead of showing just ICMP, the Protocol field would
display ICMP/GRE or ICMP/LISP.

Is this possible with the current API? I couldn't find a way to do this.
If not, would it be easy to implement? And if there is no interest among
the main developers to provide this feature, would a patch implementing
this be accepted? Would someone mentor work on such a patch?

Thanks,
-Lori Jakab
author of the LISP dissector

Follow-Ups:
- Re: [Wireshark-dev] Mentioning encapsulation type in Protocol column
  - From: Martin Kaiser

Prev by Date: Re: [Wireshark-dev] Win32 Buildbot failing with "Capture 10 packets" Failed! exit status of ../wireshark-gtk2/wireshark -k: 127
Next by Date: Re: [Wireshark-dev] [tcpdump-workers] regarding wireless data frames
Previous by thread: Re: [Wireshark-dev] RTP Payload Type for MIDI
Next by thread: Re: [Wireshark-dev] Mentioning encapsulation type in Protocol column
Index(es):
- Date
- Thread