Wireshark-dev: Re: [Wireshark-dev] New GUI for specific protocol

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 24 Jan 2017 12:10:49 -0800
On Jan 24, 2017, at 9:51 AM, Juan Jose Martin Carrascosa <juanjo@xxxxxxx> wrote:

> I would like to write a new GUI to show nicely the information obtained from the RTPS dissector. Can Wireshark help with that?

There is no provision in Wireshark for showing the raw dissection result (the protocol tree) differently.  This is intentional - dissectors are supposed to exist, and work, independently of any particular UI code (that's why TShark works).

If you want to show information in some *other* form, you should write a tap with a GUI.  See doc/README.tapping for information on writing a tap.  The tap's per-packet function is passed an epan_dissect_t pointer (which includes a pointer to the *entire* protocol tree, not just the subtree for the protocol being tapped) and a const void * that points to whatever data the dissector passes to the tap.