On Jul 3, 2008, at 2:43 PM, Kumar, Hemant wrote:
What I want to know is that whether such a tree like structure which
appears in the details pane is possible in the Filter Expression
Dialog Box?
And I don't want to register fields like tcp.flags.syn rather
register them individually i.e. register flags separately, syn
separately and let the wireshark make the filter expression
depending upon the selection in the Filter expression dialog box.
That's not possible, and there's no workaround. You have to give
fields their full name. If you have several message types with a
"flags" field, *and* that "flags" field is the same in all those
message types, you could register a "proto.flags" field, and
"proto.flags.XXX" fields for the flags in the "flags" field.
As per my earlier mail, displaying the field list as a multi-level
tree could be done without that.