Wireshark-dev: Re: [Wireshark-dev] How to collect information from various packets during disse

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 24 Sep 2009 12:51:15 +0200
Hi,

Maybe you can find inspiration in README.developer 2.2 Following
"conversations", and README.request_response_tracking.

Thanx,
Jaap

On Thu, 24 Sep 2009 09:32:19 +0200, Christian Gurk <christian.gurk@xxxxxxx> wrote:
> Hi,
> I just switched successfully from Lua to C. So I could "rewrite" my own
> dissectors in C and get them to run (very nice :-) thanks to the various
> tutorials and the source code.
> 
> My problem now:
> I have a protocol where different nodes in our experimental network
> regularly send keep-alive messages with their own node-ID (NID) and
> node serial number (SN). I would like to use this information for "name
> resolution" in my protocol.
> 
> The idea:
> If I could save the node serials during dissection in a table somewhere,
> I could use this table for name resolution during dissection of
> non-keep-alive messages, where I only have the node-IDs.
> 
> Example:
> (KA = keepalive; OM = other message; NID 255 = broadcast)
> type | dstNID | srcNID | data
> KA      255        1     NODE0031
> KA      255        3     NODE0012
> KA      255        2     NODE0005
> OM       2         1     foo...
> OM       1         2     answer to foo...
> ...
> 
> Now, if I could save the serials from the first three messages (KA) then
> I could use this information for the next two messages (OM).
> My problem is now, how to store this information?! At the moment it
> would be sufficient to have 255 possible NIDs. So if I could create a
> "global" array of strings, then I could use the NID as an index. That
> would be easy then. But how could I create such an array globally?
> Sorry, I'm new to C and Wireshark...
> 
> Hope someone could help me or show me some examples?
> Greetings
> Christian