On Dec 22, 2016, at 4:29 PM, Chris Brandson <chris.brandson@xxxxxxxxx> wrote:
> It appears to be impossible to use external tools such as pyshark to extract field information from many of the fields in a ZigBee packet because many of the abbrev fields of the hf_register_info entries for the ZigBee dissectors more than one “.” .
If pyshark - or any other tool - assumes that there's a two-level name space for fields, it's making an incorrect assumption, and needs to be fixed to allow an arbitrary number of levels of hierarchy. Protocol xxx might have a structured field called yyy, containing subfields, some of which themselves might be structured, so you might have a field named xxx.yyy.zzz.www, which is the www field of the zzz structured subfield of the yyy structured field of protocol xxx.
This is far from limited to the ZigBee dissector.