On Aug 27, 2009, at 3:59 PM, Saad Nader wrote:
> I’m dissecting a protocol that doesn’t have a good message
> structure. This protocol is a TCP-based protocol. There is no
> packet header that tells me what type of message I have. I’ve been
> using a conversation and state data to keep track but that also has
> issues when viewing previous packets. Any packet previous to the
> current packet will not have correct state. I’ve been trying to
> look for a way to use the TCP sequence number to aid myself. Is
> there any easy way to get this from packet_info?

What I usually do in this sort of case is to use conversations as you
are, but also store some sort of identifier in the packet data itself
after figuring out where you are from the conversation data. This
corrects the problem when viewing previous packets because the
dissector can simply look up the state in the packet's data. The per
packet data is handled using p_get_proto_data() and p_set_proto_data().
Steve
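
A self-contained model of the approach described in the reply above, added here as an illustration; it is not part of the original thread and is not Wireshark code. All names are hypothetical stand-ins (`conv_state` for the conversation data, `frame.saved` for the per-packet data, `frame.visited` for the frame's visited flag), and a strictly alternating request/response protocol is assumed.

```c
#include <stdio.h>

/* Assumed protocol: no type field, so a message's type is known only
 * from what preceded it on the same TCP connection. */
enum msg_type { MSG_UNKNOWN = 0, MSG_REQUEST, MSG_RESPONSE };

struct conv_state { enum msg_type next; };  /* running state, one per conversation */

struct frame {                  /* stand-in for one captured packet */
    unsigned num;
    int visited;                /* set once the sequential first pass has seen it */
    enum msg_type saved;        /* stand-in for per-packet protocol data */
};

static enum msg_type flip(enum msg_type t)
{
    return t == MSG_REQUEST ? MSG_RESPONSE : MSG_REQUEST;
}

/* The approach from the question: every call trusts the running state,
 * so revisiting an earlier frame reads state left by the latest frame. */
enum msg_type dissect_conv_only(struct conv_state *conv)
{
    enum msg_type t = conv->next;
    conv->next = flip(t);
    return t;
}

/* The approach from the reply: on the first visit the conversation
 * decides the type and the answer is stamped on the frame; any later
 * visit reads the stamp and leaves the conversation untouched. */
enum msg_type dissect(struct conv_state *conv, struct frame *f)
{
    if (!f->visited) {
        f->saved = conv->next;
        conv->next = flip(f->saved);
        f->visited = 1;
    }
    return f->saved;
}

int main(void)
{
    struct conv_state a = { MSG_REQUEST }, b = { MSG_REQUEST };
    struct frame cap[4] = { {1, 0, MSG_UNKNOWN}, {2, 0, MSG_UNKNOWN},
                            {3, 0, MSG_UNKNOWN}, {4, 0, MSG_UNKNOWN} };
    int i;
    for (i = 0; i < 4; i++) { dissect_conv_only(&a); dissect(&b, &cap[i]); }
    /* Constructed scenario: the user clicks back on frame 2 (a response). */
    printf("conversation only: %d, with per-packet data: %d\n",
           dissect_conv_only(&a), dissect(&b, &cap[1]));
    return 0;
}
```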