Wireshark · Wireshark-dev: Re: [Wireshark-dev] Use of "." in abbrev field of ZigBee hf_register

Wireshark-dev: Re: [Wireshark-dev] Use of "." in abbrev field of ZigBee hf_register_info

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Thu, 22 Dec 2016 16:54:23 -0800

On Dec 22, 2016, at 4:29 PM, Chris Brandson <chris.brandson@xxxxxxxxx> wrote:

> It appears to be impossible to use external tools such as pyshark to extract field information from many of the fields in a ZigBee packet because many of the abbrev fields of the hf_register_info entries for the ZigBee dissectors more than one “.” .

If pyshark - or any other tool - assumes that there's a two-level name space for fields, it's making an incorrect assumption, and needs to be fixed to allow an arbitrary number of levels of hierarchy.  Protocol xxx might have a structured field called yyy, containing subfields, some of which themselves might be structured, so you might have a field named xxx.yyy.zzz.www, which is the www field of the zzz structured subfield of the yyy structured field of protocol xxx.

This is far from limited to the ZigBee dissector.

References:
- [Wireshark-dev] Use of "." in abbrev field of ZigBee hf_register_info
  - From: Chris Brandson

Prev by Date: [Wireshark-dev] Use of "." in abbrev field of ZigBee hf_register_info
Next by Date: Re: [Wireshark-dev] Extcap limitations?
Previous by thread: [Wireshark-dev] Use of "." in abbrev field of ZigBee hf_register_info
Next by thread: [Wireshark-dev] asn2wrs again
Index(es):
- Date
- Thread