Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Wireshark-dev Digest, Vol 8, Issue 94

From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Mon, 29 Jan 2007 00:27:11 +0400
Date: Sun, 28 Jan 2007 14:57:58 +0800
From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Dissector for Cisco ITP packet logging
        facility
Abhik Sarkar wrote:
[...]
> Now, since wireshark can already dissect syslog packets and mtp
> packets, I thought of combining the two.

Cool, I think that would be a useful addition to Wireshark.  However I
suspect that a separate dissector is not a good idea but your changes
would have to be merged into the existing syslog dissector (which
appears easy since that's where you started).  Could you provide a
(small) sample capture file to test with (you could send it to
the list or to me privately if you prefer)?

Hi Jeff,

Thanks for the reply. I agree with you... however, since this is the
first time I am playing around with wireshark code, I did not want to
"pollute" the code of a stable dissector. However, since paklog isn't
really a protocol in itself, it would be fine to extent the syslog
dissector.

I will send you a capture seperately (as it might have potentially
network sensitive information).

I have also been trying to find out a way to get the syslog dissector
to tells all subsequent dissectors that the byte array was generated
and not present in the actual capture and hence to mark their protocol
tree items using the PROTO_ITEM_SET_GENERATED macro, but have so far
been unsuccessful. Perhaps you have some ideas on this.

Best regards,
Abhik.