Wireshark-dev: [Wireshark-dev] [Fwd: Re: File format and coloring rules.]

From: "Agustin Figueredo Canosa" <dvs@xxxxxxxxxx>
Date: Tue, 30 Nov 2010 10:45:19 +0100 (CET)
The idea for the colors was to have different color rules for the first 8
hosts. I didn't know if it was possible to do, but I think, using filters,
the only way is to set the color filters each time. I wanted to know if
there was any "automatic method" for do that.

Thanks




---------------------------- Mensaje original ----------------------------
Asunto: Re: [Wireshark-dev] File format and coloring rules.
De:     "Guy Harris" <guy@xxxxxxxxxxxx>
Fecha:  Mar, 30 de Noviembre de 2010, 9:59 am
Para:   "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
--------------------------------------------------------------------------


On Nov 30, 2010, at 12:43 AM, Agustin Figueredo Canosa wrote:

> I have a dissector for my protocol that works fine, but I have a few
> questions..
>
> 1 - I have an external Sniffer (I haven't develop it) that uses a list
> from the component "TListView" of Borland Builder for saving capture
> files. The content of the files is transparent for user, If you open this
> file with a text editor, the content is illegible. Is there any way for
> add this file format to wiretap??

If:

	1) that file format is documented somewhere, or can be reverse-engineered

and

	2) it has records for each packet that contain the raw data for the
packet and, if it's available, a time stamp for the packet

it's probably possible - we'd have to see the documentation for the file
format, or see some capture files in that format as well as information
giving some or all of the contents of each packet and, if they're in the
file, the time stamp for each packet (for reverse-engineering).

> 2 - I´d like to use different colors rules depending on the host
> directions. How can i do that? Obviously, I dont know this directions
> untill the frame arrives.

What if, for example, it's an Ethernet or Wi-Fi capture and there are more
than two hosts?

For IP packets, if you know the IP addresses of two of the hosts, you
could construct two color filter rules for traffic in each direction
between those hosts, but that wouldn't handle traffic between one of those
hosts and a third host, or traffic between two other hosts.  If it's on a
network with multiple link-layer addresses, the same would apply to them.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe