Wiresharkers
My filtering does come up in the GUI wireshark window (when I type in
helen.)...but when I hit the "apply" button on (for example: )
helen.flowname =="SA_EX ".. I get no matches.
Here is what I have in the code:
static gint hf_helen_flowname = -1;
static gint ett_helen_flowname = -1;
{ &hf_helen_flowname,
{ "Flowname", "helen.flowname", FT_STRING, BASE_NONE, NULL, 0x0,
"Flowname", HFILL}},
&ett_helen_flowname,
proto_tree_add_string_format(helen_sub_tree, hf_helen_flowname, tvb,
offset, 8, 0,
"Flowname: %s", flowname);
In the tree... I will get as output: Flowname: SA_EX
So in theory... I should be able to do: helen.flowname == "SA_EX"
correct..??
But when I do this... I get no matches.
Anybody know why..?? Or am I filtering wrong..??
Thanks,
Brian