Wireshark-dev: Re: [Wireshark-dev] Packet Diagram shows only raw bytes of a subtree instead of
From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Thu, 26 Nov 2020 18:30:05 +0000


On Thu, 26 Nov 2020 at 18:19, Maynard, Christopher via Wireshark-dev <wireshark-dev@xxxxxxxxxxxxx> wrote:
Many protocols contain subtrees, such as a header with various fields that are part of the header, and it’s convenient/logical to group those fields within the header subtree.  However, doing so results in a Packet Diagram that only shows the raw bytes of the subtree rather than the individual fields contained within the subtree.
 
So either I’m doing something wrong, in which case I welcome any suggestions for improving the display, or there seems to be a current limitation to the way the Packet Diagram behaves with respect to subtrees.  Has anyone else noticed this?
 

I see something similar with the DNP3 dissector where I have multiple subtrees, but the packet diagram only shows the first two and not the elements in those trees either.  Admittedly the DNP3 tree is a bit odd and the Data Chunks should really be a child of the Data Link Layer.

This might be caused by the tree items being text, a summary of the sub-tree contents.

As an example, I’ve crafted together a Lua dissector for a fictional protocol, “Foo” along with an associated sample capture file to illustrate what I mean.  I’ve also attached an image of the Packet Diagram showing the “Foo Header” as raw bytes only.  What would be nicer to see are the individual header fields themselves, such as for this example:
 
Foo Header:
 
0            15 16            31
+-------------------------------+
|             Magic             |
+---------------+---------------+
|     Type      |     Length    |
+---------------+---------------+
 
Is there a way to achieve this while still grouping the fields within a subtree?
 
Thanks.
- Chris
 
 


--
Graham Bloice
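
The subtree layout discussed in this thread, as an added example (not the Lua dissector attached to the original mail): it groups Magic, Type and Length under a "Foo Header" item and can create that item either as a plain text label or as a registered field, which is the distinction the reply raises. The field abbreviations, big-endian byte order, UDP transport and port 9999 are assumptions, since the thread does not state them.

```lua
-- Added example for the fictional "Foo" protocol; not the attached dissector.
-- Assumed: big-endian fields, UDP transport, port 9999, "foo.*" abbreviations.
local foo = Proto("foo", "Foo Protocol")

-- Field widths follow the header diagram in the mail: 32-bit Magic,
-- 16-bit Type, 16-bit Length.
local f_header = ProtoField.none("foo.header", "Foo Header")
local f_magic  = ProtoField.uint32("foo.magic", "Magic", base.HEX)
local f_type   = ProtoField.uint16("foo.type", "Type", base.DEC)
local f_length = ProtoField.uint16("foo.length", "Length", base.DEC)
foo.fields = { f_header, f_magic, f_type, f_length }

local HEADER_LEN = 8

-- true:  subtree item is a text label (no registered field behind it)
-- false: subtree item is backed by the registered field foo.header
-- Flip this and reload the script to compare the two in the Packet Diagram.
local TEXT_SUBTREE = true

function foo.dissector(tvb, pinfo, tree)
    -- Refuse short packets rather than reading past the captured data.
    if tvb:len() < HEADER_LEN then
        return 0
    end
    pinfo.cols.protocol = "FOO"

    local root = tree:add(foo, tvb())
    local hdr_range = tvb(0, HEADER_LEN)

    local hdr
    if TEXT_SUBTREE then
        hdr = root:add(hdr_range, "Foo Header")
    else
        hdr = root:add(f_header, hdr_range)
    end

    -- Individual header fields, grouped under the subtree item.
    hdr:add(f_magic,  tvb(0, 4))
    hdr:add(f_type,   tvb(4, 2))
    hdr:add(f_length, tvb(6, 2))

    return tvb:len()
end

DissectorTable.get("udp.port"):add(9999, foo)
```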