Wireshark-dev: Re: [Wireshark-dev] [Ethereal-dev] displaying multiple pdu's in one packet as mu
[Reply moved to wireshark-dev; hopefully the folks only on ethereal-dev
don't mind...]
Guy Harris wrote:
> Jeff Morriss wrote:
>
>> That works up to a point (that point being when the Info column is so
>> long it scrolls off the right of the screen!). I think, though, that
>> having some way of viewing the payload PDUs separately would be
>> useful. I just haven't thought of how that could be done.
>
> One possibility might be to have the packet list be a "tree view" widget
> rather than a "list view" widget; if a given link-layer packet has data
> from more than one higher-level packet in it, the top-level row for the
> packet might be a summary of all the higher-level packets, and if you
> open it up you'd see the individual summary lines for each of the packets.
You mean something like:
Frame   Time   Source   Dest.    Prot.  Info
[+]1    0.000  1234     5678     M3UA   DAUD DAUD DAUD DAUD [...]
and then:
Frame   Time   Source   Dest.    Prot.  Info
[-]1    0.000  myhost1  myhost2  SCTP   4 DATA chunks
   1.1  0.000  1234     5678     M3UA   DAUD
   1.2  0.000  1234     5678     M3UA   DAUD
   1.3  0.000  1234     5678     M3UA   DAUD
   1.4  0.000  1234     5678     M3UA   DAUD
?
I suppose clicking on the top-level item would show you the whole frame
in the Packet Details pane but selecting one of the lower-level items
would show you just that part of the packet?
An advantage of doing this is that the source, destination, and probably
other columns could, at least when the tree is expanded, be set to
values that make sense for that packet (instead of being set to whatever
the last packet in the frame was). For example:
Frame   Time   Source   Dest.    Prot.  Info
[+]1    0.000  9876     5432     ISUP   DAUD DAUD DAUD IAM
and then:
Frame   Time   Source   Dest.    Prot.  Info
[-]1    0.000  myhost1  myhost2  SCTP   4 DATA chunks
   1.1  0.000  1234     5678     M3UA   DAUD
   1.2  0.000  1234     5678     M3UA   DAUD
   1.3  0.000  1234     5678     M3UA   DAUD
   1.4  0.000  9876     5432     ISUP   IAM
Sounds great to me... (Though I'm not volunteering to look at it
because I'm pretty certain that'd be over my head!)