Wireshark-dev: Re: [Wireshark-dev] Disectors & conversations

From: "Kukosa, Tomas" <tomas.kukosa@xxxxxxxxxxx>
Date: Thu, 22 Jun 2006 20:04:05 +0200
It is strange. I have no clue where the number in parenthese goes from.
How does the code arround proto_tree_add_item() look like?

________________________________

Od: wireshark-dev-bounces@xxxxxxxxxxxxx za uživatele Cook, Timothy
Odesláno: čt 22.6.2006 19:11
Komu: Developer support list for Wireshark
Předmět: Re: [Wireshark-dev] Disectors & conversations


That was my assumption!  I've included the fragment of the array for the value in question.  Refer to the attached Wireshark decode.

static hf_register_info hf[] = {
{ &hf_cwrio_MsgType,
{ "Message Type", "cwrio.MsgType",FT_INT8, BASE_HEX, NULL, 0x0, 
"CW Host aligns even # of bytes", HFILL }
},

-Tim


________________________________

	From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Kukosa, Tomas
	Sent: Thursday, June 22, 2006 12:52 PM
	To: Developer support list for Wireshark
	Subject: RE: [Wireshark-dev] Disectors & conversations
	
	
	It seems you use BASE_HEX_DEC for the field. If you use BASE_HEX it shoudl disply only hexadecimal variant.
	 

________________________________

	Od: wireshark-dev-bounces@xxxxxxxxxxxxx za uživatele Cook, Timothy
	Odesláno: čt 22.6.2006 17:05
	Komu: Developer support list for Wireshark
	Předmět: Re: [Wireshark-dev] Disectors & conversations
	
	

	Thanks for the info.
	
	I have yet another question.
	
	Using the routine proto_tree_add_item() to add a signed value to the
	Protocol tree displays the value in HEX (as expected) & a decimal value
	in parens.  How can I prevent the decimal value from being displayed?
	
	-Tim
	
	
	
	> -----Original Message-----
	> From: wireshark-dev-bounces@xxxxxxxxxxxxx
	> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
	> Sent: Wednesday, June 21, 2006 1:13 PM
	> To: Developer support list for Wireshark
	> Subject: Re: [Wireshark-dev] Disectors & conversations
	>
	> Hi,
	>
	> Technically the TCP ACK only packet isn't part of your
	> protocol, it's an underlying mechanism that transports the
	> data for you. The whole idea of protocol layers is that they
	> are independant, it should be possible to replace TCP with
	> another stream protocol and your application still works.
	> Think of UNIX sockets for instance. That is why you shouldn't
	> be concerned with that in relation to your protocol.
	>
	> Thanx,
	> Jaap
	>
	> On Wed, 21 Jun 2006, Cook, Timothy wrote:
	>
	> > Isn't it true that myDissector only gets called if the TCP
	> data length
	> > > 0?  Therefore, since a TCP ACK (data length = 0) will not cause
	> > myDissector to be called.
	> >
	> > I'm new to this whole process!
	> >
	> > -Tim
	> >
	> >
	> > > -----Original Message-----
	> > > From: wireshark-dev-bounces@xxxxxxxxxxxxx
	> > > [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap
	> > > Keuter
	> > > Sent: Wednesday, June 21, 2006 11:59 AM
	> > > To: Developer support list for Wireshark
	> > > Subject: Re: [Wireshark-dev] Disectors & conversations
	> > >
	> > > Hi,
	> > >
	> > > How about
	> > >
	> > >       if (check_col(pinfo->cinfo, COL_PROTOCOL))
	> > >       {
	> > >         col_set_str(pinfo->cinfo, COL_PROTOCOL, "myProtocol" );
	> > >       }
	> > >
	> > > Thanx,
	> > > Jaap
	> > >
	> > > On Wed, 21 Jun 2006, Cook, Timothy wrote:
	> > >
	> > > > We have written a new dissector for Wireshark.  Using the the
	> > > > README.developer (plus other dissector examples) made
	> the creation
	> > > > very simple (thanks for the detailed info).
	> > > >
	> > > > My dissector hooks TCP port 1000.
	> > > >
	> > > > How can I hook TCP packets (SYN/FIN/RST/...) and change the
	> > > Protocol
	> > > > column data to mimic the respective dissector.
	> > > >
	> > > > I want to be able to filter based on the protocol & get
	> the whole
	> > > > conversation, including the channel open & close.
	> > > >
	> > > >
	> > > > -Tim
	> > > >
	> > >
	> > > _______________________________________________
	> > > Wireshark-dev mailing list
	> > > Wireshark-dev@xxxxxxxxxxxxx
	> > > http://www.wireshark.org/mailman/listinfo/wireshark-dev
	> > >
	> > > ______________________________________________________________
	> > > _______________
	> > > Scanned by IBM Email Security Management Services powered by
	> > > MessageLabs. For more information please visit
	> > > http://www.ers.ibm.com
	> > > ______________________________________________________________
	> > > _______________
	> > >
	> > _______________________________________________
	> > Wireshark-dev mailing list
	> > Wireshark-dev@xxxxxxxxxxxxx
	> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
	> >
	>
	> _______________________________________________
	> Wireshark-dev mailing list
	> Wireshark-dev@xxxxxxxxxxxxx
	> http://www.wireshark.org/mailman/listinfo/wireshark-dev
	>
	> ______________________________________________________________
	> _______________
	> Scanned by IBM Email Security Management Services powered by
	> MessageLabs. For more information please visit
	> http://www.ers.ibm.com
	> ______________________________________________________________
	> _______________
	>
	_______________________________________________
	Wireshark-dev mailing list
	Wireshark-dev@xxxxxxxxxxxxx
	http://www.wireshark.org/mailman/listinfo/wireshark-dev
	

<<winmail.dat>>