Wireshark-dev: Re: [Wireshark-dev] Disectors & conversations
From: "Kukosa, Tomas" <tomas.kukosa@xxxxxxxxxxx>
Date: Thu, 22 Jun 2006 20:04:05 +0200
It is strange. I have no clue where the number in parentheses comes from.
What does the code around proto_tree_add_item() look like?

________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Cook, Timothy
Sent: Thu 22.6.2006 19:11
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Disectors & conversations

That was my assumption! I've included the fragment of the array for the value in question. Refer to the attached Wireshark decode.

static hf_register_info hf[] = {
    { &hf_cwrio_MsgType,
      { "Message Type", "cwrio.MsgType", FT_INT8, BASE_HEX, NULL, 0x0,
        "CW Host aligns even # of bytes", HFILL } },

-Tim

________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Kukosa, Tomas
Sent: Thursday, June 22, 2006 12:52 PM
To: Developer support list for Wireshark
Subject: RE: [Wireshark-dev] Disectors & conversations

It seems you use BASE_HEX_DEC for the field. If you use BASE_HEX it should display only the hexadecimal variant.

________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Cook, Timothy
Sent: Thu 22.6.2006 17:05
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Disectors & conversations

Thanks for the info. I have yet another question.

Using the routine proto_tree_add_item() to add a signed value to the Protocol tree displays the value in HEX (as expected) & a decimal value in parens. How can I prevent the decimal value from being displayed?

-Tim

> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
> Sent: Wednesday, June 21, 2006 1:13 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Disectors & conversations
>
> Hi,
>
> Technically the TCP ACK only packet isn't part of your protocol, it's an
> underlying mechanism that transports the data for you. The whole idea of
> protocol layers is that they are independent, it should be possible to
> replace TCP with another stream protocol and your application still works.
> Think of UNIX sockets for instance. That is why you shouldn't be concerned
> with that in relation to your protocol.
>
> Thanx,
> Jaap
>
> On Wed, 21 Jun 2006, Cook, Timothy wrote:
>
> > Isn't it true that myDissector only gets called if the TCP data length > 0?
> > Therefore, a TCP ACK (data length = 0) will not cause myDissector to be
> > called.
> >
> > I'm new to this whole process!
> >
> > -Tim
> >
> > > -----Original Message-----
> > > From: wireshark-dev-bounces@xxxxxxxxxxxxx
> > > [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
> > > Sent: Wednesday, June 21, 2006 11:59 AM
> > > To: Developer support list for Wireshark
> > > Subject: Re: [Wireshark-dev] Disectors & conversations
> > >
> > > Hi,
> > >
> > > How about
> > >
> > > if (check_col(pinfo->cinfo, COL_PROTOCOL))
> > > {
> > >     col_set_str(pinfo->cinfo, COL_PROTOCOL, "myProtocol");
> > > }
> > >
> > > Thanx,
> > > Jaap
> > >
> > > On Wed, 21 Jun 2006, Cook, Timothy wrote:
> > >
> > > > We have written a new dissector for Wireshark. Using the
> > > > README.developer (plus other dissector examples) made the creation
> > > > very simple (thanks for the detailed info).
> > > >
> > > > My dissector hooks TCP port 1000.
> > > >
> > > > How can I hook TCP packets (SYN/FIN/RST/...) and change the Protocol
> > > > column data to mimic the respective dissector?
> > > >
> > > > I want to be able to filter based on the protocol & get the whole
> > > > conversation, including the channel open & close.
> > > >
> > > > -Tim
> > >
> > > _______________________________________________
> > > Wireshark-dev mailing list
> > > Wireshark-dev@xxxxxxxxxxxxx
> > > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> > >
> > > Scanned by IBM Email Security Management Services powered by
> > > MessageLabs. For more information please visit
> > > http://www.ers.ibm.com