Wireshark-dev: Re: [Wireshark-dev] Question regarding QT/future Wireshark version

From: Roland Knall <rknall@xxxxxxxxx>
Date: Wed, 11 Jan 2012 11:02:43 +0100
Hi

On Wed, Jan 11, 2012 at 10:38 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Jan 6, 2012, at 6:15 AM, Roland Knall wrote:
>
>> Ok, let me clarify the idea. Let's for instance say, that you want to
>> have a graphical representation of the inner-workings of a
>> communication of two machines.
>
> BTW, you're not thinking of something such as what you can get from the Statistics -> Flow Graph... menu item, are you?

Actually, that is kind-of what I am thinking, but this flow-diagram is
not applicable for openSAFETY or industrial-ethernet solutions in
general. Such devices use so-called bus-controllers to communicate,
behind which the network communication takes place. That leads to the
situation that often a device behind bc1 talks to other devices behind
bc2 and bc3. In the flow-diagram such communication would now appear
as single communications between bc1 and bc2/3, which does not
represent the correct message flow.

The same goes for the "Conversation List", "IO Graph" as well as the
"Endpoint List". Also, following a specific conversation could be
tricky.

The second thing is that I want to implement a network analyzer for
openSAFETY. openSAFETY (as many industrial-ethernet protocols) is a
multi-stage protocol. You have a "boot"-phase, a "configuration"-phase
and an "operational"-phase, each having their own specific
communication commands and messages. A graphical representation of the
network based on the dissected messages, as well as a graphical
representation of the network status would be a useful add-on for the
openSAFETY dissector. I am currently implementing some sort of tool
for this using wireshark, but it is very openSAFETY specific, and I
would prefer a more generic approach. And I have some hopes that with
a good plugin mechanism this could be solved using the Qt solution.
Otherwise I would implement it using just the dissection engine and as
a stand-alone tool, but that would also mean that I would have to
manage distribution, updates, review, ... and with a generic approach
in wireshark this could be taken off my hands.

regards,
Roland