|
If you use a local static variable in the
dissect_yourprot() function, it will store the number across
packets.
eg:
//don't expect this to compile, it's just a
mock-up
static int dissect_yourprot(pinfo, tvb, tree)
{
static guint32 last_sequence_number =
0;
guint32
sequence_number;
...
sequence_number = tvb_get_ntohl(tvb,
2);
if (last_sequence_number &&
sequence_number != last_sequence_number + 1) {
//gap!
}
last_sequence_number =
sequence_number;
...
}
-Patrick
Hi,
I’m fairly new to Wireshark
development...actually, I just started today.
I wrote a plugin for a UDP based
protocol and it’s working fine. The protocol has a sequence number as the
second field (4 bytes, offset = 2 bytes). The sequence numbers are sent
sequentially, but since this is UDP, I am not guaranteed to receive all
packets. How can I get the plugin to check for gaps in the sequence
numbers?
Thanks.
Kwan
Ng
Development
Integration Specialist
P
Please consider the
environment before printing this email or any attachments
therein.
The information contained in this message and any attachments (the "Message") is intended for specific individual(s), and may be confidential or proprietary. If you are not the intended recipient, please notify the sender immediately, delete this Message and do not disclose. Messages are not secure or error free and can contain viruses and the sender is not liable for any of these occurrences. The sender reserves the right to monitor, record and retain Messages.
DISCLAIMER:---------------------------------------------------------------------------
This e-mail transmission and any documents, files and previous e-mail messages
attached to it are private and confidential. They may contain proprietary or copyright
material or information that is subject to legal professional privilege. They are for
the use of the intended recipient only. Any unauthorised viewing, use, disclosure,
copying, alteration, storage or distribution of, or reliance on, this message is
strictly prohibited. No part may be reproduced, adapted or transmitted without the
written permission of the owner. If you have received this transmission in error, or
are not an authorised recipient, please immediately notify the sender by return email,
delete this message and all copies from your e-mail system, and destroy any printed
copies. Receipt by anyone other than the intended recipient should not be deemed a
waiver of any privilege or protection. Thales Australia does not warrant or represent
that this e-mail or any documents, files and previous e-mail messages attached are
error or virus free.
--------------------------------------------------------------------------------------
|