Wireshark mailing list archives

Re: Display Filter troubleshooting


From: Hugo van der Kooij <hugo.van.der.kooij () qi nl>
Date: Tue, 8 Dec 2015 08:23:45 +0000

Sake,

That’s right.

Oddly enough it took multiple attempts before Wireshark was able to interpret this correctly.
But now it works.



Met vriendelijke groet / With kind regards,



Hugo van der Kooij
network engineer

T: +31 15 888 0 345     F: +31 15 888 0 445
E: hugo.van.der.kooij () qi nl<mailto:hugo.van.der.kooij () qi nl>    I:  www.qi.nl<http://www.qi.nl>





From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On behalf of Sake Blok
Sent: Monday 7 December 2015 21:01
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] Display Filter troubleshooting

Hugo,

You will need to use ${fwmon_if:eth1} if I read the friendly manual correctly 
(https://www.wireshark.org/docs/wsug_html_chunked/ChDisplayFilterMacrosSection.html)

Cheers,
Sake



On 7 dec 2015, at 11:05, Hugo van der Kooij wrote:


Hi,

I am trying to find where I did goof up in creating a display macro.

I want to create a shortcut for commands like:
((fw1.interface == "eth1") && ((fw1.direction == "i") || (fw1.direction == "O")))

So I got this in my display macro file now:
# This file is automatically generated, DO NOT MODIFY.
"fwmon_if","((fw1.interface == \x22$1\x22) && ((fw1.direction == \x22i\x22) || (fw1.direction == \x22O\x22)))"
"fwmon_rtr","((fw1.interface == \x22$1\x22) && ((fw1.direction == \x22I\x22) || (fw1.direction == \x22o\x22)))"

But it seems Wireshark is not willing to accept my macro.
I can’t use for example:
            $fwmon_if{eth1}

So I guess I am doing something horribly wrong but can’t figure out where I made the mistake.

Anyone willing to share some light on this?

Regards,
Hugo


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe
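
Added example, not part of the original thread and not Wireshark's own code: a small Python model of how the macro file lines quoted above are decoded and how the ${name:arg} form expands, while the $name{arg} form is rejected. The names load_macros, expand and SAMPLE_DFILTER_MACROS are hypothetical, and the file layout is assumed to be exactly what the thread shows.

```python
import csv
import io
import re

# Constructed sample: the macro file contents as posted in the thread.
SAMPLE_DFILTER_MACROS = r'''# This file is automatically generated, DO NOT MODIFY.
"fwmon_if","((fw1.interface == \x22$1\x22) && ((fw1.direction == \x22i\x22) || (fw1.direction == \x22O\x22)))"
"fwmon_rtr","((fw1.interface == \x22$1\x22) && ((fw1.direction == \x22I\x22) || (fw1.direction == \x22o\x22)))"
'''

HEX_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')
MACRO_CALL = re.compile(r'\$\{(\w+)(?::([^}]*))?\}')  # ${name:arg1;arg2}
WRONG_CALL = re.compile(r'\$(\w+)\{[^}]*\}')          # $name{arg}, the form that failed

def load_macros(text):
    """Parse "name","body" rows, decoding \\xNN escapes such as \\x22 (a double quote)."""
    lines = (ln for ln in io.StringIO(text) if not ln.startswith('#'))
    macros = {}
    for row in csv.reader(lines):
        if len(row) == 2:
            name, body = row
            macros[name] = HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), body)
    return macros

def expand(filter_text, macros):
    """Expand every ${name:args} call; reject the $name{...} form and bad calls."""
    bad = WRONG_CALL.search(filter_text)
    if bad:
        raise ValueError(f"use ${{{bad.group(1)}:...}} instead of {bad.group(0)!r}")

    def substitute(call):
        name, raw_args = call.group(1), call.group(2)
        if name not in macros:
            raise KeyError(f"undefined macro {name!r}")
        args = raw_args.split(';') if raw_args else []

        def positional(m):
            # $1, $2, ... in the macro body map to the call's arguments.
            index = int(m.group(1))
            if not 1 <= index <= len(args):
                raise ValueError(f"macro {name!r} needs argument ${index}")
            return args[index - 1]

        return re.sub(r'\$(\d+)', positional, macros[name])

    return MACRO_CALL.sub(substitute, filter_text)

if __name__ == "__main__":
    print(expand("${fwmon_if:eth1}", load_macros(SAMPLE_DFILTER_MACROS)))
```
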

