Wireshark-dev: Re: [Wireshark-dev] Data from previous protocol

From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Date: Sun, 11 Mar 2007 12:18:03 +0000

ali alkhalidi wrote:
> the protocol I want data from is IP, and I'm interested in at least the
> least 20 bytes (a normal non-fragmented IP datagram) of it, things
> that cover the basic things like packet-id, payload length, etc.

The raw data isn't available to subdissectors. That's just not the way Wireshark is designed to work - decoding the raw IP data should be done once, by the IP dissector.

Much of the data in the header is actually available; the source and destination IP addresses are in pinfo->net_src and pinfo->net_dst; if you need more, you may need to think about modifying the IP dissector.

Have you considered registering an IP tap (see README.tapping)? Such taps are passed all the header information in an e_ip structure.

Otherwise, I suggest you explain a bit more about what end result you are trying to achieve.