>Hi guys,
>I am not completely familiar with the conversations part of wireshark.I did go throught the sharkfest ppt by Guy Haaris.Then I realized that i can use
>the p_add_proto_data or p_get_proto_data to save data for each packet.I am not familar with it so I am reading rtp dissectors's code to understand it
>better.
>As I understand a conversation is created using the port and ip addresses and then dissectors add their convo_data using the handle(proto_rtp in case
>of rtp) then you can get get the conversation using find_conversation.The link I am missing is how is this conversation related to p_add/get_proto_data.
>So I have a couple of questions hope you dont mind answering them!
>1.How is a conversation related to p_add/get_proto_data.
It’s not related, in the conversation data you can store information related to all packets in a “flow” or “conversation”. In p_add/get_proto_data each
Protocol(and key) can store data per frame on the first pass where things are done in sequence to be used later where frames can be selected randomly.
You may want to combine the two however to build the information you need.
2.where does p_add_proto_data save the data after it is called?
In a list in the frame data structure, but you should use the accessor functions, protocol and key is used to get the right list item.