Wireshark-dev: [Wireshark-dev] Modifying the Decode of Previous Packets

From: "Bryant Eastham" <beastham@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 28 Sep 2009 14:20:09 -0600

All-

I have developed many dissectors, but have not run up against this problem before. I am looking for a solution that will work inside a plugin dissector.

The issue is that I have some secure traffic that I cannot decode until I learn some state that is only periodically advertised. This means that during the first pass through the packets I will fail to decode many packets, but that by the end of the first pass I will have (likely) learned enough to decode the previous packets.

I believe (and will shortly test) that any secondary decodes (as clicking on the undecoded packet) will magically cause the column info to update and the packet to display decoded (assuming that my learned state is associated with my conversation, which it is).

My question is whether it is possible to indicate to Wireshark that certain packets (or, worst case, all packets) should be rechecked. If it is only the “all packets” case I would likely not do anything (as I deal with large capture files). If selected packets could be redone then that might be interesting, as I know which packets are “mine” and if I learn later that I can decode them then I would know the frame numbers to re-parse.

Thoughts? Thanks.

-Bryant

Panasonic

Panasonic Electric Works Laboratory of America - SLC Lab
4525 So. Wasatch Blvd., Suite 100, 84124
Salt Lake City, UT 84124

T 801.993.7124
F 801.993.7260
beastham@xxxxxxxxxxxxxxxxxxxxxxxxxx

Bryant Eastham
Chief Architect
