|
Hello list,
I am using ethereal 10.7 version for
decoding of the captured file.I am reading a
captured file and the read information
from the captured file I am printing in the
ethereal using col_add_str in
dissectors.I am printing the hex bytes in the third pane and decoded tree in the
second pane. It works fine.
I am going to read all the captured file ('N'
number of packets) at once and print it
using the way,
if (check_col(pinfo->cinfo, COL_DEF_SRC))
col_set_str(pinfo->cinfo, COL_DEF_SRC,
"xxx");
if (check_col(pinfo->cinfo, COL_DEF_DST))
col_add_str(pinfo->cinfo, COL_DEF_DST,
"xxx");
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_add_str(pinfo->cinfo, COL_PROTOCOL,
"xxx");
if
(check_col(pinfo->cinfo,COL_INFO))
col_add_str(pinfo->cinfo,COL_INFO,"xxx");
And each time when a packet is selected I am going to get the corresponding
hex bytes and decode it.
1. I have a problem in filtering using the "frame
number as the filed". If I give an
_expression_ like "frame.number >
100" I will get all the filterd packets with frame
number > 100 ,fine but the value of the columns like
source,destination,packet_info will remain
unchanged .ie One packet value is printed for all the packets filtered
after giveing the filtering _expression_. Is it the problem of
the way I read the captured file?
2. My second
question is in filtering routine is it possible to filter based on the
values
of the second window ,for
example "decoded value == 'xx' " and so on?.
3. Do ethereal needs to register the fields which I
want to decode based on those fields.?
If any body can help please help me,
regards
Harsha
|