Wireshark-dev: Re: [Wireshark-dev] Dissector for Cisco ITP packet logging facility

From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Mon, 29 Jan 2007 00:31:50 +0400
Sorry! Forgot to change the subject in my previous post :-(

On 1/29/07, Abhik Sarkar <sarkar.abhik@xxxxxxxxx> wrote:
> Date: Sun, 28 Jan 2007 14:57:58 +0800
> From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
> Subject: Re: [Wireshark-dev] Dissector for Cisco ITP packet logging facility
> Abhik Sarkar wrote:
> [...]
> > Now, since Wireshark can already dissect syslog packets and MTP
> > packets, I thought of combining the two.
>
> Cool, I think that would be a useful addition to Wireshark.  However I
> suspect that a separate dissector is not a good idea but your changes
> would have to be merged into the existing syslog dissector (which
> appears easy since that's where you started).  Could you provide a
> (small) sample capture file to test with (you could send it to
> the list or to me privately if you prefer)?

Hi Jeff,

Thanks for the reply. I agree with you... however, since this is the
first time I am playing around with Wireshark code, I did not want to
"pollute" the code of a stable dissector. However, since paklog isn't
really a protocol in itself, it would be fine to extend the syslog
dissector.

I will send you a capture separately (as it might have potentially
network-sensitive information).

I have also been trying to find out a way to get the syslog dissector
to tell all subsequent dissectors that the byte array was generated
and not present in the actual capture, and hence to mark their protocol
tree items using the PROTO_ITEM_SET_GENERATED macro, but have so far
been unsuccessful. Perhaps you have some ideas on this.

Best regards,
Abhik.