Wireshark-dev: Re: [Wireshark-dev] Disectors & conversations
From: "Kukosa, Tomas" <tomas.kukosa@xxxxxxxxxxx>
Date: Thu, 22 Jun 2006 20:04:05 +0200
It is strange. I have no clue where the number in parenthese goes from.
How does the code arround proto_tree_add_item() look like?
________________________________
Od: wireshark-dev-bounces@xxxxxxxxxxxxx za uživatele Cook, Timothy
Odesláno: čt 22.6.2006 19:11
Komu: Developer support list for Wireshark
Předmět: Re: [Wireshark-dev] Disectors & conversations
That was my assumption! I've included the fragment of the array for the value in question. Refer to the attached Wireshark decode.
static hf_register_info hf[] = {
{ &hf_cwrio_MsgType,
{ "Message Type", "cwrio.MsgType",FT_INT8, BASE_HEX, NULL, 0x0,
"CW Host aligns even # of bytes", HFILL }
},
-Tim
________________________________
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Kukosa, Tomas
Sent: Thursday, June 22, 2006 12:52 PM
To: Developer support list for Wireshark
Subject: RE: [Wireshark-dev] Disectors & conversations
It seems you use BASE_HEX_DEC for the field. If you use BASE_HEX it shoudl disply only hexadecimal variant.
________________________________
Od: wireshark-dev-bounces@xxxxxxxxxxxxx za uživatele Cook, Timothy
Odesláno: čt 22.6.2006 17:05
Komu: Developer support list for Wireshark
Předmět: Re: [Wireshark-dev] Disectors & conversations
Thanks for the info.
I have yet another question.
Using the routine proto_tree_add_item() to add a signed value to the
Protocol tree displays the value in HEX (as expected) & a decimal value
in parens. How can I prevent the decimal value from being displayed?
-Tim
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
> Sent: Wednesday, June 21, 2006 1:13 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Disectors & conversations
>
> Hi,
>
> Technically the TCP ACK only packet isn't part of your
> protocol, it's an underlying mechanism that transports the
> data for you. The whole idea of protocol layers is that they
> are independant, it should be possible to replace TCP with
> another stream protocol and your application still works.
> Think of UNIX sockets for instance. That is why you shouldn't
> be concerned with that in relation to your protocol.
>
> Thanx,
> Jaap
>
> On Wed, 21 Jun 2006, Cook, Timothy wrote:
>
> > Isn't it true that myDissector only gets called if the TCP
> data length
> > > 0? Therefore, since a TCP ACK (data length = 0) will not cause
> > myDissector to be called.
> >
> > I'm new to this whole process!
> >
> > -Tim
> >
> >
> > > -----Original Message-----
> > > From: wireshark-dev-bounces@xxxxxxxxxxxxx
> > > [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap
> > > Keuter
> > > Sent: Wednesday, June 21, 2006 11:59 AM
> > > To: Developer support list for Wireshark
> > > Subject: Re: [Wireshark-dev] Disectors & conversations
> > >
> > > Hi,
> > >
> > > How about
> > >
> > > if (check_col(pinfo->cinfo, COL_PROTOCOL))
> > > {
> > > col_set_str(pinfo->cinfo, COL_PROTOCOL, "myProtocol" );
> > > }
> > >
> > > Thanx,
> > > Jaap
> > >
> > > On Wed, 21 Jun 2006, Cook, Timothy wrote:
> > >
> > > > We have written a new dissector for Wireshark. Using the the
> > > > README.developer (plus other dissector examples) made
> the creation
> > > > very simple (thanks for the detailed info).
> > > >
> > > > My dissector hooks TCP port 1000.
> > > >
> > > > How can I hook TCP packets (SYN/FIN/RST/...) and change the
> > > Protocol
> > > > column data to mimic the respective dissector.
> > > >
> > > > I want to be able to filter based on the protocol & get
> the whole
> > > > conversation, including the channel open & close.
> > > >
> > > >
> > > > -Tim
> > > >
> > >
> > > _______________________________________________
> > > Wireshark-dev mailing list
> > > Wireshark-dev@xxxxxxxxxxxxx
> > > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> > >
> > > ______________________________________________________________
> > > _______________
> > > Scanned by IBM Email Security Management Services powered by
> > > MessageLabs. For more information please visit
> > > http://www.ers.ibm.com
> > > ______________________________________________________________
> > > _______________
> > >
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
> ______________________________________________________________
> _______________
> Scanned by IBM Email Security Management Services powered by
> MessageLabs. For more information please visit
> http://www.ers.ibm.com
> ______________________________________________________________
> _______________
>
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
<<winmail.dat>>
- References:
- Re: [Wireshark-dev] Disectors & conversations
- From: Cook, Timothy
- Re: [Wireshark-dev] Disectors & conversations
- Prev by Date: Re: [Wireshark-dev] Disectors & conversations
- Next by Date: Re: [Wireshark-dev] Disectors & conversations
- Previous by thread: Re: [Wireshark-dev] Disectors & conversations
- Next by thread: Re: [Wireshark-dev] Disectors & conversations
- Index(es):