Wireshark-users: Re: [Wireshark-users] Display Filter troubleshooting

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Hugo van der Kooij <hugo.van.der.kooij@xxxxx>
Date: Tue, 8 Dec 2015 08:23:45 +0000

Sake,

 

That’s right.

 

Oddly enough it took multiple attempts before wireshark was able to interprete this correctly.

But now it works.

 


Met vriendelijke groet / With kind regards,
Hugo van der Kooij
network engineer



Delft - Noord-Oost - Zuid


T: +31 15 888 0 345  F: +31 15 888 0 445
E: hugo.van.der.kooij@xxxxx  I:  www.qi.nl



Van: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] Namens Sake Blok
Verzonden: maandag 7 december 2015 21:01
Aan: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Onderwerp: Re: [Wireshark-users] Display Filter troubleshooting

 

Hugo,

 

You will need to use ${fwmon_if:eth1} if I read the friendly manual correctly (https://www.wireshark.org/docs/wsug_html_chunked/ChDisplayFilterMacrosSection.html)

 

Cheers,

Sake

 

 

 

On 7 dec 2015, at 11:05, Hugo van der Kooij wrote:



Hi,

 

I am trying to find where I did goof up in creating a display macro.

 

I want to create a short cut for commands like:

((fw1.interface == "eth1") && ((fw1.direction == "i") || (fw1.direction == "O")))

 

So I got this in my display macro file now:

# This file is automatically generated, DO NOT MODIFY.

"fwmon_if","((fw1.interface == \x22$1\x22) && ((fw1.direction == \x22i\x22) || (fw1.direction == \x22O\x22)))"

"fwmon_rtr","((fw1.interface == \x22$1\x22) && ((fw1.direction == \x22I\x22) || (fw1.direction == \x22o\x22)))"

 

But it seems Wireshark is not willing to accept my macro.

I can’t use for example:

            $fwmon_if{eth1}

 

So I guess I am doing something horribly wrong but can’t figure out where I made the mistake.

 

Anyone willing to share some light on this?

 

Regards,

Hugo

 

 

Met vriendelijke groet / With kind regards,

Hugo van der Kooij
network engineer

<imagee9e81a.JPG>

Delft - Noord-Oost - Zuid

<imagec005ef.PNG>

<image4b32f3.JPG>

<image9f897f.JPG>

<imagea1fbba.JPG>

 

T: +31 15 888 0 345 

F: +31 15 888 0 445

E: hugo.van.der.kooij@xxxxx 

I:  www.qi.nl

 

 

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe