Wireshark-dev: [Wireshark-dev] questions about conversations

From: Tomasz Noiński <noix@xxxxxxxxx>
Date: Wed, 16 May 2007 11:56:33 +0200 (CEST)
Hi,


I'm writing my own dissector and I've been quite successful, but lately I
wanted to add some dynamic analysis (based on info from other packets) and
I stumbled into some problems.

All I know about conversations is from README.developer.
My dissector works well if it's called once for each frame, in the correct
order. The problems start when I click on a frame in the Wireshark window -
then my dissector is called for this frame again, _twice_.

I guess it's the correct behaviour that the dissector is called several
times, so my main question is:
What is the suggested way to make sure the dissection result is the same
in the first dissector call and the later ones (when I click)?


Also:

Is the conversation data somehow saved for each frame when it changes or
is there always exactly one such data structure for one conversation in
the program?

Is there an easy way to tell that my dissector is being run for the first
time for a specific frame (i.e. just after capture, not after filtering or
after clicking on a packet)?

Why is the dissector called twice with every click on a frame in the
Wireshark window - is this the desired behaviour?


Thanks in advance,

Noix