Wireshark-dev: Re: [Wireshark-dev] Filtering

Date: Tue, 31 Mar 2009 22:53:25 +0000
Hi Guy,

>If your DLL is handed the raw blob, and returns only human-readable  
>descriptions of fields, it's not going to work very well in a  
>Wireshark dissector.


I think that answers my question. So it looks like my best bet is to use the hidden field and just go with bad UI, eh? Was hoping to avoid this but I can't see another way, but that's just my knowledge of Wireshark.

Greg

Guy Harris wrote:
> On Mar 31, 2009, at 1:19 PM, gogrady@xxxxxxxxx wrote:
>
>> I have read through both of those, though I probably should do it
>> again now that I know more. But maybe I'm just confused on how the
>> others are outputted. Right now I add to the tree with:
>>
>> time = (_GetMsgTime)();
>> pi = proto_tree_add_text(icom_message_tree, tvb, 0, 0, "Time: %s", time);
>
> Wireshark expects to be handed a raw blob of binary packet data, and
> to *itself* fetch values from that blob and generate *its own*
> human-readable descriptions, so that it can do more with fields in packets
> than just display them to the user.
>
> If your DLL is handed the raw blob, and returns only human-readable  
> descriptions of fields, it's not going to work very well in a  
> Wireshark dissector.
>