Wireshark · Wireshark-dev: Re: [Wireshark-dev] how do I know that a new capture has been started

Wireshark-dev: Re: [Wireshark-dev] how do I know that a new capture has been started

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Thu, 21 May 2009 09:16:25 -0700


On May 21, 2009, at 8:23 AM, wsgd wrote:

Into a plugin dissector,
how do I know that :
- a new capture has been started
- a new file is loaded

You call register_init_routine() in your protocol registrationroutine, passing it a pointer to a function (no arguments, no returnvalue) that's called before Wireshark makes a pass through a capturefile and dissects all its packets. That function would clean up anystate information from a previous capture file or a previousdissection of the current capture file.

References:
- [Wireshark-dev] tshark asked that I send this email
  - From: Noah Campbell
- [Wireshark-dev] how do I know that a new capture has been started
  - From: wsgd

Prev by Date: [Wireshark-dev] how do I know that a new capture has been started
Next by Date: Re: [Wireshark-dev] capturing on multiple interfaces
Previous by thread: [Wireshark-dev] how do I know that a new capture has been started
Next by thread: Re: [Wireshark-dev] how do I know that a new capture has been started
Index(es):
- Date
- Thread