Wireshark-users: Re: [Wireshark-users] [Wireshark-dev] Dissecting packet details field by field

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 14 Jul 2017 20:46:08 -0700
On Jul 14, 2017, at 4:19 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

> On Jul 14, 2017, at 5:38 AM, David Schaeffer <david.schaeffer2@xxxxxxxxx> wrote:
> 
>> The problem is we have multiple PLCs sending the same bit codes so just grabbing a filter for solely the bit code doesn't work, as it pulls from every PLC.
>> I need to grab the IP address with it to track the specific bit code from that specific PLC.
> 
> *That* would require adding the ability to register a per-field callback, with the default being one that causes a "standard" I/O graph to be popped up, and with your dissector specifying a callback grabbing the IP address and the value of the bit code.  That might call the "draw an I/O graph" code with another callback specified; that callback would indicate whether to use the packet or not.

Or the first callback would just specify the appropriate filter to use.  That'd probably be useful for other protocols as well; perhaps making the callback per-protocol would suffice.