Wireshark-dev: Re: [Wireshark-dev] Reduce the number of "fixed columns"?
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 18 Aug 2009 08:02:16 +0200
Hi,So what you say is keep the metadata and generic protocol elements, the rest is protocol specific and should go through custom columns.
I can agree with that. Thanx, Jaap Martin Visser wrote:
My take below, 'With no firm evidence, I would bet that 90% of users are doing pretty much vanilla Ethernet packet captures, which is reflected in my thoughts below. That said, I know I often do 802.11 based captures, but am not interested in physical layer information all that much. (And I know someone might argue for instance why included 802.1q VLAN tags, which is very interface specific). Knowing that I can create a custom column for them is all I generally need. I also like to see fields tcp.analysis.ack_rtt or even tcp.stream, but I wouldn't expect a pre-existing column to defined for them.Regards, Martin MartinVisser99@xxxxxxxxx <mailto:MartinVisser99@xxxxxxxxx>On Sun, Aug 16, 2009 at 7:17 AM, Anders Broman <a.broman@xxxxxxxxx <mailto:a.broman@xxxxxxxxx>> wrote:Hi, Now when we have custom columns could we get rid of some of the “fixed” columns? It seems to me that some are not of a general interest.This is the column enum: COL_8021Q_VLAN_ID, /* 0) 802.1Q vlan ID */ ****Keep**** COL_ABS_DATE_TIME, /* 1) Absolute date and time */ ****Keep**** COL_ABS_TIME, /* 2) Absolute time */ ****Keep**** COL_CIRCUIT_ID, /* 3) Circuit ID */ ****Keep**** COL_DSTIDX, /* 4) Dst port idx - Cisco MDS-specific */* *****Retire**** COL_SRCIDX, /* 5) Src port idx - Cisco MDS-specific */* *****Retire**** COL_VSAN, /* 6) VSAN - Cisco MDS-specific */* *****Retire**** COL_CUMULATIVE_BYTES, /* 7) Cumulative number of bytes */* ***Keep**** COL_CUSTOM, /* 8) Custom column (any filter name's contents) */ ****Keep**** COL_DCE_CALL, /* 9) DCE/RPC connection oriented call id OR datagram sequence number */* *****Retire**** COL_DCE_CTX, /* 10) DCE/RPC connection oriented context id */* *****Retire**** COL_DELTA_TIME, /* 11) Delta time */* ***Keep**** COL_DELTA_CONV_TIME,/* 12) Delta time to last frame in conversation */* ***Keep**** COL_DELTA_TIME_DIS, /* 13) Delta time displayed*/* ***Keep**** COL_RES_DST, /* 14) Resolved dest */* ***Keep**** COL_UNRES_DST, /* 15) Unresolved dest */* ***Keep**** COL_RES_DST_PORT, /* 16) Resolved dest port */* ***Keep**** COL_UNRES_DST_PORT, /* 17) Unresolved dest port */* ***Keep**** COL_DEF_DST, /* 18) Destination address */* ***Keep**** COL_DEF_DST_PORT, /* 19) Destination port */* ***Keep**** COL_EXPERT, /* 20) Expert Info */* ***Keep**** COL_IF_DIR, /* 21) FW-1 monitor interface/direction */* *****Retire**** COL_OXID, /* 22) Fibre Channel OXID */* *****Retire**** COL_RXID, /* 23) Fibre Channel RXID */* *****Retire**** COL_FR_DLCI, /* 24) Frame Relay DLCI */* *****Retire**** COL_FREQ_CHAN, /* 25) IEEE 802.11 (and WiMax?) - Channel */* *****Retire**** COL_BSSGP_TLLI, /* 26) GPRS BSSGP IE TLLI */* *****Retire**** COL_HPUX_DEVID, /* 27) HP-UX Nettl Device ID */* *****Retire**** COL_HPUX_SUBSYS, /* 28) HP-UX Nettl Subsystem */* *****Retire**** COL_DEF_DL_DST, /* 29) Data link layer dest address */* ***Keep**** COL_DEF_DL_SRC, /* 30) Data link layer source address */* ***Keep**** COL_RES_DL_DST, /* 31) Resolved DL dest */* ***Keep**** COL_UNRES_DL_DST, /* 32) Unresolved DL dest */* ***Keep**** COL_RES_DL_SRC, /* 33) Resolved DL source */* ***Keep**** COL_UNRES_DL_SRC, /* 34) Unresolved DL source */* ***Keep**** COL_RSSI, /* 35) IEEE 802.11 - received signal strength */* *****Retire**** COL_TX_RATE, /* 36) IEEE 802.11 - TX rate in Mbps */* *****Retire**** COL_DSCP_VALUE, /* 37) IP DSCP Value */* *****Retire**** COL_INFO, /* 38) Description */* ***Keep**** COL_COS_VALUE, /* 39) L2 COS Value */* *****Retire**** COL_RES_NET_DST, /* 40) Resolved net dest */* ***Keep**** COL_UNRES_NET_DST, /* 41) Unresolved net dest */* ***Keep**** COL_RES_NET_SRC, /* 42) Resolved net source */* ***Keep**** COL_UNRES_NET_SRC, /* 43) Unresolved net source */* ***Keep**** COL_DEF_NET_DST, /* 44) Network layer dest address */* ***Keep**** COL_DEF_NET_SRC, /* 45) Network layer source address */* ***Keep**** COL_NUMBER, /* 46) Packet list item number */* ***Keep**** COL_PACKET_LENGTH, /* 47) Packet length in bytes */* ***Keep**** COL_PROTOCOL, /* 48) Protocol */* ***Keep**** COL_REL_TIME, /* 49) Relative time */* ***Keep**** COL_REL_CONV_TIME, /* 50) Relative time to beginning of conversation */* ***Keep**** COL_DEF_SRC, /* 51) Source address */* ***Keep**** COL_DEF_SRC_PORT, /* 52) Source port */* ***Keep**** COL_RES_SRC, /* 53) Resolved source */* ***Keep**** COL_UNRES_SRC, /* 54) Unresolved source */* ***Keep**** COL_RES_SRC_PORT, /* 55) Resolved source port */* ***Keep**** COL_UNRES_SRC_PORT, /* 56) Unresolved source port */* ***Keep**** COL_TEI, /* 57) Q.921 TEI */* *****Retire**** COL_CLS_TIME, /* 58) Command line-specified time (default relative) */* ***Keep**** NUM_COL_FMTS /* 59) Should always be last */* ***Keep****Could some be retired? If so suggestions would be welcome J Regards Anders
- Follow-Ups:
- Re: [Wireshark-dev] Reduce the number of "fixed columns"?
- From: Kovarththanan Rajaratnam
- Re: [Wireshark-dev] Reduce the number of "fixed columns"?
- References:
- [Wireshark-dev] Reduce the number of "fixed columns"?
- From: Anders Broman
- Re: [Wireshark-dev] Reduce the number of "fixed columns"?
- From: Martin Visser
- [Wireshark-dev] Reduce the number of "fixed columns"?
- Prev by Date: Re: [Wireshark-dev] Reduce the number of "fixed columns"?
- Next by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-x86
- Previous by thread: Re: [Wireshark-dev] Reduce the number of "fixed columns"?
- Next by thread: Re: [Wireshark-dev] Reduce the number of "fixed columns"?
- Index(es):