Isn't _something_ like what you want already present. I agree it is
not _exactly_ the same, but it is very similar. Taking your example of
the TCP protocol:
- Select any frame.
- In the Packet Details pane
- click + to expand the TCP protocol
- click + to expand the Flags.
- Select a flag of your choice (e.g. SYN)
- Right-click and choose "Prepare a filter > Selected", and
""tcp.flags.syn == X" appears in the display filter field!
Regards,
Abhik.
On Thu, Jul 3, 2008 at 11:09 PM, Kumar, Hemant <kumarh@xxxxxxxxxxxx> wrote:
> So that if user wants to select fetch all the messages having subfield == X
>
> He should go in the expression window and not put Protocol.Field.subfield ==
> X, but rather just go on hitting on the + buttons and the subtree should
> appear below it and he can set the parameter for that field and the
> wireshark will automatically form the expression based on the user selction
> of trees and subtrees so basically I don't want to put
>
>
>
> Protocol.Field.subfield beforehand in the expression window but rather just
> firstly just Protocol will appear then on hitting + for protocol, Field will
> apper and then on hittin + for Field subfield should appear and then user
> can set subfield == x and in the expression bar, automatically wireshark
> will put the expression Protocol.Field.subfield.