On Wed, May 12, 2010 at 07:16:17PM +1000, Craig Bumpstead wrote:
> Is it ok to read from tvbuff, manipulate the string and write back to
> it without messing up Wireshark??
No.
> I would like my proprietary protocol to show relevant information in
> "Follow TCP Stream". All it shows at the moment is illegible hex. Is
> it possible to write code for a dissector / interpreter for "Follow
> TCP Stream"?
What about writing your own "Follow xxx" feature? A while back, I put a
lot of work into separating those functions and source code files into
follow_ssl.[ch], follow_tcp.[ch] and follow_udp.[ch] along with
follow_stream.[ch] for shared functionality. Some is still in
epan/follow.[ch]. It's not as cleaned up as I would like, but it should
help make it easier.
Follow TCP and UDP take straight text, whereas Follow SSL decrypts the
data first. Your addition could decrypt or do whatever you need to to
the data and then display it. Let us know if you need some explaination
on the current following clode.
--
Steve