Home page logo

wireshark logo Wireshark mailing list archives

Adding an optional expert field to colouring rules?
From: Martin Mathieson <martin.r.mathieson () googlemail com>
Date: Tue, 6 Aug 2013 13:21:39 +0100


I sometimes add colouring rules for some condition I am only interested in
for a short time (i.e. its not worth adding expert info for to the relevant
dissector).  Then, I want to quickly find the frames that match that
condition.  I realise that I can use filtering rules such as:

frame.coloring_rule.name == "The Rule Name"

but it would be convenient to have a field where I could choose the
severity of the expert item (including, as default, none).  Then, when a
rule matches, expert info would be added (using the rule name), and I could
- see that the condition happened (if it causes the circle to change colour)
- see how many times it happened
- browse to instances from the expert info window

Would others find this feature useful?  Would it seem wrong to
configure/generate expert info from 'Coloring Rules...' ?  The expert info
item itself would be in the 'Frame' tree, rather than at the item for the
display filters used in the rule filter expression.

Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
  • Adding an optional expert field to colouring rules? Martin Mathieson (Aug 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]