http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1806
------- Comment #4 from todd.martin@xxxxxxx 2007-08-28 19:29 GMT -------
(In reply to comment #3)
> I've derived "ip.ttl < 5" from the default coloring rules shipped with WS. Do
> we want to change that coloring rule accordingly? If yes, how should a better
> rule look like?
>
I never really payed attention to those coloring rules, but I see what you are
getting at. A hackish way that works for me is to change the TTL rule to this:
ip.ttl < 5 && !ip.dst_host matches "224.0.0.*"
I would rather be able to match on ip.dst instead, but I don't see where the
display filters support that kind of operation.
I guess another alternative would be to add a hidden tree item like
ip.dst.local_network_control_block and use that in the coloring rules.
I'm still new at hacking on wireshark, so I'll go along with whatever you think
is best.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.