> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-
> bounces@xxxxxxxxxxxxx] On Behalf Of Stephen Fisher
> Sent: 19 July 2009 06:29
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] How to reassemble split TCP Packets - to
> grouptogether with full messages? - Email found in subject - Email
found
> in subject
>
> On Fri, Jul 17, 2009 at 10:14:20PM +0100, Tamas Somogyi wrote:
>
> > I'd like to fill the info column with a complete description on all
> > the contained messages.
>
> What about using a conversation to store data for the entire session?
> For example, the (r)exec dissector that I wrote a while back displays
> the username and program being run (both can be enabled or disabled
with
> only the username on by default) in the info column of every packet of
> the session, so you can tell which packet belongs to which user's
> session.
Hmmm... I'm not familiar with conversations in Wireshark and how to
apply in my case - according to the Users Guide, it gives some
statistics on the entire session. However I'd like to display info which
is related to the belonging packet only - e.g. the number of contained
messages:
No.|Time|Source|Destination|Protocol|Info
1|0.00|192.x |192.y |foo |3 Foo Messages
2|0.01|192.x |192.y |foo |2 Foo Messages
3|0.02|192.x |192.y |foo |1 Foo Message
...