Wireshark-dev: Re: [Wireshark-dev] Disectors & conversations

From: "Cook, Timothy" <tcook@xxxxxxxxxxxxxxxxxx>
Date: Thu, 22 Jun 2006 13:11:57 -0400
Title: Re: [Wireshark-dev] Disectors & conversations

That was my assumption!  I've included the fragment of the array for the value in question.  Refer to the attached Wireshark decode.

static hf_register_info hf[] = {
    { &hf_cwrio_MsgType,
        { "Message Type", "cwrio.MsgType",
          FT_INT8, BASE_HEX, NULL, 0x0,
          "CW Host aligns even # of bytes", HFILL }
    },

-Tim



From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Kukosa, Tomas
Sent: Thursday, June 22, 2006 12:52 PM
To: Developer support list for Wireshark
Subject: RE: [Wireshark-dev] Disectors & conversations

It seems you use BASE_HEX_DEC for the field. If you use BASE_HEX it should display only the hexadecimal variant.
 


From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Cook, Timothy
Sent: Thu 22.6.2006 17:05
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Disectors & conversations

Thanks for the info.

I have yet another question.

Using the routine proto_tree_add_item() to add a signed value to the
Protocol tree displays the value in HEX (as expected) & a decimal value
in parens.  How can I prevent the decimal value from being displayed?

-Tim



> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
> Sent: Wednesday, June 21, 2006 1:13 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Disectors & conversations
>
> Hi,
>
> Technically the TCP ACK only packet isn't part of your
> protocol, it's an underlying mechanism that transports the
> data for you. The whole idea of protocol layers is that they
> are independent, it should be possible to replace TCP with
> another stream protocol and your application still works.
> Think of UNIX sockets for instance. That is why you shouldn't
> be concerned with that in relation to your protocol.
>
> Thanx,
> Jaap
>
> On Wed, 21 Jun 2006, Cook, Timothy wrote:
>
> > Isn't it true that myDissector only gets called if the TCP data
> > length > 0?  Therefore, since a TCP ACK (data length = 0) will not
> > cause myDissector to be called.
> >
> > I'm new to this whole process!
> >
> > -Tim
> >
> >
> > > -----Original Message-----
> > > From: wireshark-dev-bounces@xxxxxxxxxxxxx
> > > [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap
> > > Keuter
> > > Sent: Wednesday, June 21, 2006 11:59 AM
> > > To: Developer support list for Wireshark
> > > Subject: Re: [Wireshark-dev] Disectors & conversations
> > >
> > > Hi,
> > >
> > > How about
> > >
> > >       if (check_col(pinfo->cinfo, COL_PROTOCOL))
> > >       {
> > >         col_set_str(pinfo->cinfo, COL_PROTOCOL, "myProtocol" );
> > >       }
> > >
> > > Thanx,
> > > Jaap
> > >
> > > On Wed, 21 Jun 2006, Cook, Timothy wrote:
> > >
> > > > We have written a new dissector for Wireshark.  Using the
> > > > README.developer (plus other dissector examples) made the
> > > > creation very simple (thanks for the detailed info).
> > > >
> > > > My dissector hooks TCP port 1000.
> > > >
> > > > How can I hook TCP packets (SYN/FIN/RST/...) and change the
> > > > Protocol column data to mimic the respective dissector.
> > > >
> > > > I want to be able to filter based on the protocol & get the
> > > > whole conversation, including the channel open & close.
> > > >
> > > >
> > > > -Tim
> > > >
> > >
> > > _______________________________________________
> > > Wireshark-dev mailing list
> > > Wireshark-dev@xxxxxxxxxxxxx
> > > http://www.wireshark.org/mailman/listinfo/wireshark-dev

Attachment: CWrio_dissector.tif
Description: CWrio_dissector.tif