Wireshark-dev: Re: [Wireshark-dev] Tips on using ETT for variable sized data

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Tue, 3 Feb 2009 17:38:23 -0700
On Tue, Feb 03, 2009 at 05:31:43PM -0500, James Gallogly wrote:

> I am writing a dissector for a protocol where a packet contains 
> several different kinds of internal msgs and has 0-N instances of each 
> kind of internal message. I am trying to figure out the best way to 
> set up the etts. (I am new to writing dissectors so maybe I am 
> thinking about it all wrong)

> Keep in mind the index for A and B are irrelevant to the data inside 
> them. So int 1 and int 2 might form an "ID" for the A data and float 1 
> might form an "ID" for the B data.

Try looking at the VNC dissector (epan/dissectors/packet-vnc.c).  I 
spent quite a while building trees and sub-trees in a similar fashion to 
what you're describing.  You can grab vnc-sample.pcap from 
http://wiki.wireshark.org/SampleCaptures to see the results.


Steve