Wireshark-dev: Re: [Wireshark-dev] Create User Friendly Hex Dump for Compression Algorithms

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Mon, 18 Feb 2008 17:47:49 -0700
On Mon, Feb 18, 2008 at 03:12:20PM -0700, Padilla, Alex D wrote:

> Does anyone know how I can create a more user friendly hex dump 
> display for compression algorithms?  I would like to separate the hex 
> dump when capturing packets into sections that contain information on 
> compression algorithms, whether the dump is chunked or not, and a 
> variety of other things.  If I capture a packet that is compressed, I 
> would like the compression information to be displayed (i.e. it was 
> compressed using deflate, etc.).  I've been reading up on LUA but 
> cannot find too much information about the specifics of using it with 
> Wireshark except for the short section in the Wireshark User's Guide.

The closest functionality that would be a close fit, although not exact, 
and already exists in Wireshark is to add new data source tabs along the 
bottom.  You can see this in action in various protocols such as HTTP 
when a compressed page is downloaded.  There will be the normal hex tab 
and then next to it the uncompressed version.  You can put any label on 
the new tab that you want (possibly satisfying your need to display 
information about the compression, chunked, etc. although it shouldn't 
be very long).

The new data source tab is created with add_new_data_source() function 
from epan/packet.c.  A few other statements are needed to setup the tvb 
for the new data source as seen in packet-http.c:


     uncomp_tvb = tvb_uncompress(next_tvb, 0,
                                 tvb_length(next_tvb));

     next_tvb = uncomp_tvb;
     tvb_set_child_real_data_tvbuff(tvb, next_tvb);
     add_new_data_source(pinfo, next_tvb,  "Uncompressed entity body");


Steve