Wireshark-dev: Re: [Wireshark-dev] Reduce the number of "fixed columns"?

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 18 Aug 2009 08:02:16 +0200
Hi,

So what you say is keep the metadata and generic protocol elements, the rest is protocol specific and should go through custom columns.
I can agree with that.

Thanx,
Jaap

Martin Visser wrote:
My take below,
'
With no firm evidence, I would bet that 90% of users are doing pretty much vanilla Ethernet packet captures, which is reflected in my thoughts below. That said, I know I often do 802.11 based captures, but am not interested in physical layer information all that much. (And I know someone might argue for instance why included 802.1q VLAN tags, which is very interface specific). Knowing that I can create a custom column for them is all I generally need. I also like to see fields tcp.analysis.ack_rtt or even tcp.stream, but I wouldn't expect a pre-existing column to defined for them.


Regards, Martin

MartinVisser99@xxxxxxxxx <mailto:MartinVisser99@xxxxxxxxx>


On Sun, Aug 16, 2009 at 7:17 AM, Anders Broman <a.broman@xxxxxxxxx <mailto:a.broman@xxxxxxxxx>> wrote:

    Hi,

    Now when we have custom columns could we get rid of some of the
    “fixed” columns?

    It seems to me that some are not of a general interest.

    This is  the column enum:

      COL_8021Q_VLAN_ID,  /* 0) 802.1Q vlan ID */ ****Keep****

      COL_ABS_DATE_TIME,  /* 1) Absolute date and time */ ****Keep****

      COL_ABS_TIME,       /* 2) Absolute time */ ****Keep****

      COL_CIRCUIT_ID,     /* 3) Circuit ID */ ****Keep****

      COL_DSTIDX,         /* 4) Dst port idx - Cisco MDS-specific */*
    *****Retire****

      COL_SRCIDX,         /* 5) Src port idx - Cisco MDS-specific */*
    *****Retire****

      COL_VSAN,           /* 6) VSAN - Cisco MDS-specific */*
    *****Retire****

      COL_CUMULATIVE_BYTES, /* 7) Cumulative number of bytes */* ***Keep****

      COL_CUSTOM,         /* 8) Custom column (any filter name's
    contents) */ ****Keep****

      COL_DCE_CALL,       /* 9) DCE/RPC connection oriented call id OR
    datagram sequence number */* *****Retire****

      COL_DCE_CTX,        /* 10) DCE/RPC connection oriented context id
    */* *****Retire****

      COL_DELTA_TIME,     /* 11) Delta time */* ***Keep****

      COL_DELTA_CONV_TIME,/* 12) Delta time to last frame in
    conversation */* ***Keep****

      COL_DELTA_TIME_DIS, /* 13) Delta time displayed*/* ***Keep****

      COL_RES_DST,        /* 14) Resolved dest */* ***Keep****

      COL_UNRES_DST,      /* 15) Unresolved dest */* ***Keep****

      COL_RES_DST_PORT,   /* 16) Resolved dest port */* ***Keep****

      COL_UNRES_DST_PORT, /* 17) Unresolved dest port */* ***Keep****

      COL_DEF_DST,        /* 18) Destination address */* ***Keep****

      COL_DEF_DST_PORT,   /* 19) Destination port */* ***Keep****

      COL_EXPERT,         /* 20) Expert Info */* ***Keep****

      COL_IF_DIR,         /* 21) FW-1 monitor interface/direction */*
    *****Retire****

      COL_OXID,           /* 22) Fibre Channel OXID */* *****Retire****

      COL_RXID,           /* 23) Fibre Channel RXID */* *****Retire****

      COL_FR_DLCI,        /* 24) Frame Relay DLCI */* *****Retire****

      COL_FREQ_CHAN,      /* 25) IEEE 802.11 (and WiMax?) - Channel */*
    *****Retire****

      COL_BSSGP_TLLI,     /* 26) GPRS BSSGP IE TLLI */* *****Retire****

      COL_HPUX_DEVID,     /* 27) HP-UX Nettl Device ID */* *****Retire****

      COL_HPUX_SUBSYS,    /* 28) HP-UX Nettl Subsystem */* *****Retire****

      COL_DEF_DL_DST,     /* 29) Data link layer dest address */*
    ***Keep****

      COL_DEF_DL_SRC,     /* 30) Data link layer source address */*
    ***Keep****

      COL_RES_DL_DST,     /* 31) Resolved DL dest */* ***Keep****

      COL_UNRES_DL_DST,   /* 32) Unresolved DL dest */* ***Keep****

      COL_RES_DL_SRC,     /* 33) Resolved DL source */* ***Keep****

      COL_UNRES_DL_SRC,   /* 34) Unresolved DL source */* ***Keep****

      COL_RSSI,           /* 35) IEEE 802.11 - received signal strength
    */* *****Retire****

      COL_TX_RATE,        /* 36) IEEE 802.11 - TX rate in Mbps */*
    *****Retire****

      COL_DSCP_VALUE,     /* 37) IP DSCP Value */* *****Retire****

      COL_INFO,           /* 38) Description */* ***Keep****

      COL_COS_VALUE,      /* 39) L2 COS Value */* *****Retire****

      COL_RES_NET_DST,    /* 40) Resolved net dest */* ***Keep****

      COL_UNRES_NET_DST,  /* 41) Unresolved net dest */* ***Keep****

      COL_RES_NET_SRC,    /* 42) Resolved net source */* ***Keep****

      COL_UNRES_NET_SRC,  /* 43) Unresolved net source */* ***Keep****

      COL_DEF_NET_DST,    /* 44) Network layer dest address */* ***Keep****

      COL_DEF_NET_SRC,    /* 45) Network layer source address */*
    ***Keep****

      COL_NUMBER,         /* 46) Packet list item number */* ***Keep****

      COL_PACKET_LENGTH,  /* 47) Packet length in bytes */* ***Keep****

      COL_PROTOCOL,       /* 48) Protocol */* ***Keep****

      COL_REL_TIME,       /* 49) Relative time */* ***Keep****

      COL_REL_CONV_TIME,  /* 50) Relative time to beginning of
    conversation */* ***Keep****

      COL_DEF_SRC,        /* 51) Source address */* ***Keep****

      COL_DEF_SRC_PORT,   /* 52) Source port */* ***Keep****

      COL_RES_SRC,        /* 53) Resolved source */* ***Keep****

      COL_UNRES_SRC,      /* 54) Unresolved source */* ***Keep****

      COL_RES_SRC_PORT,   /* 55) Resolved source port */* ***Keep****

      COL_UNRES_SRC_PORT, /* 56) Unresolved source port */* ***Keep****

      COL_TEI,            /* 57) Q.921 TEI */* *****Retire****

      COL_CLS_TIME,       /* 58) Command line-specified time (default
    relative) */* ***Keep****

      NUM_COL_FMTS        /* 59) Should always be last */* ***Keep****

    Could some be retired? If so suggestions would be welcome J

    Regards

    Anders