Wireshark-users: [Wireshark-users] Display Filter troubleshooting
|
Hi, I am trying to find where I did goof up in creating a display macro. I want to create a short cut for commands like: ((fw1.interface == "eth1") && ((fw1.direction == "i") || (fw1.direction == "O"))) So I got this in my display macro file now: # This file is automatically generated, DO NOT MODIFY. "fwmon_if","((fw1.interface == \x22$1\x22) && ((fw1.direction == \x22i\x22) || (fw1.direction == \x22O\x22)))" "fwmon_rtr","((fw1.interface == \x22$1\x22) && ((fw1.direction == \x22I\x22) || (fw1.direction == \x22o\x22)))" But it seems Wireshark is not willing to accept my macro. I can’t use for example:
$fwmon_if{eth1} So I guess I am doing something horribly wrong but can’t figure out where I made the mistake. Anyone willing to share some light on this? Regards, Hugo Met vriendelijke groet / With kind regards,
|
- Follow-Ups:
- Re: [Wireshark-users] Display Filter troubleshooting
- From: Sake Blok
- Re: [Wireshark-users] Display Filter troubleshooting
- Prev by Date: [Wireshark-users] Problem playing RTP+AMR decoded call
- Next by Date: Re: [Wireshark-users] Display Filter troubleshooting
- Previous by thread: Re: [Wireshark-users] Problem playing RTP+AMR decoded call
- Next by thread: Re: [Wireshark-users] Display Filter troubleshooting
- Index(es):