On Mar 31, 2009, at 11:32 AM, gogrady@xxxxxxxxx wrote:
now i want to be able to filter out the two in wireshark, which i
thought would be icom.type=1 for heartbeat, or icom.type=2 for data.
But that doesnt seem to work. i added a line to see what
hf_icom_bnp_type is equal to:
proto_tree_add_text(icom_message_tree, tvb, 0, 0, "BNP: %d",
hf_icom_bnp_type);
and it returns 79353 everytime. Does anyone know what the problem is?
It's not that hf_icom_bnp_type is 79353 - it's not the value of the
field, it's the index into a table inside Wireshark of all the fields
that Wireshark knows about.
Add a line to make sure that
bnp = proto_tree_add_item(icom_tree, hf_icom_bnp_type, tvb, offset,
1, FALSE); offset += 1;
is being executed *and* that icom_tree is non-null when you're trying
to filter (I'd suggest printing debugging something to the standard
error), or use a debugger to do that.