Wireshark - 1.0 Betriebsanweisung
infos will be combined into a single line - with a count column showing how often they appeared in
the capture file. Clicking on the plus sign shows the individual packet numbers in a tree view.
the capture file. Clicking on the plus sign shows the individual packet numbers in a tree view.
7.3.2.2. Details tab
The Details tab provides the expert infos in a "log like" view, each entry on its own line (much like
the packet list). As the amount of expert infos for a capture file can easily become very large, getting
an idea of the interesting infos with this view can take quite a while. The advantage of this tab is to
have all entries in the sequence as they appeared, this is sometimes a help to pinpoint problems.
the packet list). As the amount of expert infos for a capture file can easily become very large, getting
an idea of the interesting infos with this view can take quite a while. The advantage of this tab is to
have all entries in the sequence as they appeared, this is sometimes a help to pinpoint problems.
7.3.3. "Colorized" Protocol Details Tree
The protocol field causing an expert info is colorized, e.g. uses a cyan background for a note sever-
ity level. This color is propagated to the toplevel protocol item in the tree, so it's easy to find the
field that caused the expert info.
ity level. This color is propagated to the toplevel protocol item in the tree, so it's easy to find the
field that caused the expert info.
For the example screenshot above, the IP "Time to live" value is very low (only 1), so the corres-
ponding protocol field is marked with a cyan background. To easier find that item in the packet tree,
the IP protocol toplevel item is marked cyan as well.
ponding protocol field is marked with a cyan background. To easier find that item in the packet tree,
the IP protocol toplevel item is marked cyan as well.
7.3.4. "Expert" Packet List Column (optional)
An optional "Expert Info Severity" packet list column is available (since SVN 22387 -> 0.99.7), that
displays the most significant severity of a packet, or stays empty if everything seems ok. This
column is not displayed by default, but can be easily added using the Preferences Columns page de-
scribed in
displays the most significant severity of a packet, or stays empty if everything seems ok. This
column is not displayed by default, but can be easily added using the Preferences Columns page de-
scribed in
.
Advanced Topics
135