I have a couple of extensions that I created for the Wireshark baseline that we're using (1.10.x). The diffs to proto.h and proto.c show the code changes to add a couple of features that I've found useful, unit strings and hiding the bits for bitmask header fields.
http://codepad.org/KTGdEL1t
I intended to try to integrate them into the latest development, but I keep kicking it out since it's low priority on my schedule at the moment (it's been a few months and I still haven't gotten around to it). I figured that if anyone is curious enough to look at it, maybe there'd be discussion whether either feature has value making it into the main line of development.
The differences between 1.10 and master seemed significant enough that I haven't tried to make a patch for that yet.
Just looking for feedback either way.
On an unrelated note, is there some way to begin a capture in Wireshark (or one of its tools) when a packet matches a filter expression? For example, I have a specific packet that triggers some process on the system, and I want to capture for the next 2 minutes and then stop.
Thanks,
John D.