Wireshark-users: Re: [Wireshark-users] Name resolve a custom column
From: chuck c <bubbasnmp@xxxxxxxxx>
Date: Wed, 17 Jun 2020 11:41:52 -0500
Does the field you're using have a corresponding "resolved" field?
$ tshark -G fields | grep -i resolved
F nextRDNToBeResolved dsp.nextRDNToBeResolved FT_INT32 dsp BASE_DEC 0x0 INTEGER
F rdnsResolved dsp.rdnsResolved FT_INT32 dsp BASE_DEC 0x0 INTEGER
F Destination (resolved) eth.dst_resolved FT_STRING eth 0x0 Destination Hardware Address (resolved)
F Destination OUI (resolved) eth.dst.oui_resolved FT_STRING eth 0x0 Destination Organizationally Unique Identifier (resolved)
F Source (resolved) eth.src_resolved FT_STRING eth 0x0 Source Hardware Address (resolved)
F Source OUI (resolved) eth.src.oui_resolved FT_STRING eth 0x0 Source Organizationally Unique Identifier (resolved)
F Address (resolved) eth.addr_resolved FT_STRING eth 0x0 Source or Destination Hardware Address (resolved)
F Address OUI (resolved) eth.addr.oui_resolved FT_STRING eth 0x0 Address Organizationally Unique Identifier (resolved)
F Destination address (resolved) wlan.da_resolved FT_STRING wlan 0x0 Destination Hardware Address (resolved)
F Source address (resolved) wlan.sa_resolved FT_STRING wlan 0x0 Source Hardware Address (resolved)
F Hardware address (resolved) wlan.addr_resolved FT_STRING wlan 0x0 SA, DA, BSSID, RA or TA Hardware Address (resolved)
F Receiver address (resolved) wlan.ra_resolved FT_STRING wlan 0x0 Receiving Station Hardware Address (resolved)
F Transmitter address (resolved) wlan.ta_resolved FT_STRING wlan 0x0 Transmitting Station Hardware Address (resolved)
F BSS Id (resolved) wlan.bssid_resolved FT_STRING wlan 0x0 Basic Service Set ID (resolved)
F STA address (resolved) wlan.staa_resolved FT_STRING wlan 0x0 Station Hardware Address (resolved)
F resolQNLn mq.msgasy.resolqnln FT_UINT8 mq BASE_DEC 0x0 MSGASYNC Resolved Queue Name Length
F resolQNme mq.msgasy.resolqnme FT_STRINGZ mq 0x0 MSGASYNC Resolved Queue Name
F Resolved Q Name.. mq.od.resolvq FT_STRINGZ mq 0x0 OD resolved queue name
F Resolved QMgrName mq.od.resolvqmgr FT_STRINGZ mq 0x0 OD resolved queue manager name
F Resolv Obj Type.. mq.od.resolvedobjtype FT_UINT32 mq BASE_DEC 0x0 OD resolved object type
F ResQName. mq.gmo.resolvq FT_STRINGZ mq 0x0 GMO resolved queue name
F ResQName... mq.pmo.resolvq FT_STRINGZ mq 0x0 PMO resolved queue name
F ResQMgr.... mq.pmo.resolvqmgr FT_STRINGZ mq 0x0 PMO resolved queue manager name
F Dfs smb.flags2.dfs FT_BOOLEAN smb 16 0x1000 Can pathnames be resolved using Dfs?
F Unresolved value, Missing MIB snmp.missing_mib FT_NONE snmp 0x0
F Resolved U-RNTI mac.resolved_urnti FT_UINT32 mac BASE_HEX 0x0 The U-RNTI of the UE which is using the C-RNTI seen in this frame
F LDev_get_ACCO: can't resolve ACCO interface pointer cba.acco.interface_pointer_unresolved FT_NONE cba_pdev 0x0
F nextRDNToBeResolved dsp.nextRDNToBeResolved FT_INT32 dsp BASE_DEC 0x0 INTEGER
F rdnsResolved dsp.rdnsResolved FT_INT32 dsp BASE_DEC 0x0 INTEGER
F Destination (resolved) eth.dst_resolved FT_STRING eth 0x0 Destination Hardware Address (resolved)
F Destination OUI (resolved) eth.dst.oui_resolved FT_STRING eth 0x0 Destination Organizationally Unique Identifier (resolved)
F Source (resolved) eth.src_resolved FT_STRING eth 0x0 Source Hardware Address (resolved)
F Source OUI (resolved) eth.src.oui_resolved FT_STRING eth 0x0 Source Organizationally Unique Identifier (resolved)
F Address (resolved) eth.addr_resolved FT_STRING eth 0x0 Source or Destination Hardware Address (resolved)
F Address OUI (resolved) eth.addr.oui_resolved FT_STRING eth 0x0 Address Organizationally Unique Identifier (resolved)
F Destination address (resolved) wlan.da_resolved FT_STRING wlan 0x0 Destination Hardware Address (resolved)
F Source address (resolved) wlan.sa_resolved FT_STRING wlan 0x0 Source Hardware Address (resolved)
F Hardware address (resolved) wlan.addr_resolved FT_STRING wlan 0x0 SA, DA, BSSID, RA or TA Hardware Address (resolved)
F Receiver address (resolved) wlan.ra_resolved FT_STRING wlan 0x0 Receiving Station Hardware Address (resolved)
F Transmitter address (resolved) wlan.ta_resolved FT_STRING wlan 0x0 Transmitting Station Hardware Address (resolved)
F BSS Id (resolved) wlan.bssid_resolved FT_STRING wlan 0x0 Basic Service Set ID (resolved)
F STA address (resolved) wlan.staa_resolved FT_STRING wlan 0x0 Station Hardware Address (resolved)
F resolQNLn mq.msgasy.resolqnln FT_UINT8 mq BASE_DEC 0x0 MSGASYNC Resolved Queue Name Length
F resolQNme mq.msgasy.resolqnme FT_STRINGZ mq 0x0 MSGASYNC Resolved Queue Name
F Resolved Q Name.. mq.od.resolvq FT_STRINGZ mq 0x0 OD resolved queue name
F Resolved QMgrName mq.od.resolvqmgr FT_STRINGZ mq 0x0 OD resolved queue manager name
F Resolv Obj Type.. mq.od.resolvedobjtype FT_UINT32 mq BASE_DEC 0x0 OD resolved object type
F ResQName. mq.gmo.resolvq FT_STRINGZ mq 0x0 GMO resolved queue name
F ResQName... mq.pmo.resolvq FT_STRINGZ mq 0x0 PMO resolved queue name
F ResQMgr.... mq.pmo.resolvqmgr FT_STRINGZ mq 0x0 PMO resolved queue manager name
F Dfs smb.flags2.dfs FT_BOOLEAN smb 16 0x1000 Can pathnames be resolved using Dfs?
F Unresolved value, Missing MIB snmp.missing_mib FT_NONE snmp 0x0
F Resolved U-RNTI mac.resolved_urnti FT_UINT32 mac BASE_HEX 0x0 The U-RNTI of the UE which is using the C-RNTI seen in this frame
F LDev_get_ACCO: can't resolve ACCO interface pointer cba.acco.interface_pointer_unresolved FT_NONE cba_pdev 0x0
On Wed, Jun 17, 2020 at 11:24 AM Sri <sriganeshkini@xxxxxxxxx> wrote:
When a Custom Column is created, how can it be displayed with a resolved name?___________________________________________________________________________Even when I select a resolved field in the Packet Details pane and right-click to choose 'Apply as a Column', the column in the Packet List pane is not name resolved.
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- References:
- Prev by Date: [Wireshark-users] Name resolve a custom column
- Next by Date: [Wireshark-users] Leverage wireshark dissection tree in a 3rd party program
- Previous by thread: [Wireshark-users] Name resolve a custom column
- Next by thread: Re: [Wireshark-users] Name resolve a custom column
- Index(es):