Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-dev: Re: [Wireshark-dev] is it possible to replace Source Destination columns with my own's protocol Destination and Source values?

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Tue, 6 Nov 2007 21:18:57 +0400

I think so. You need to look at epan/address.h. If your source and destination address type is already covered by one of the types defined in there, then you just be able to call the SET_ADDRESS macro in pinfo->src and pinfo->dst from your dissector. If the type is not covered, then you need to do what is written in address.h to add a new type and then call SET_ADDRESS from your dissector.

I haven't ever tried this myself, so can't guarantee that it will work... but looking at some of the other dissectors, I think this is the way to do it.

Hope this helps

Abhik.

On Nov 6, 2007 7:58 PM, Daniel Roman <danielson80@xxxxxxxxx> wrote:

Hello:

I'm writing a dissector for a protocol which lies under the IP
protocol. Therefore the protocol stack looks like,
Ethernet->IP->myProtocol.
The protocol I'm trying to dissect has it's own Source and Destination
values different thant the ones the IP header provides. I would like
to ignore the Source and Destination that the IP protocol provides to
wireshark, so that when I run the Flow Graph option under the
statistics menu I could observe my protocols source and destination
values instead of the IP protocol's source/dest.

I was succesfull on writing to the Info column, but I haven't found a
way to write to the Source and Destination column.

Ideally I would like to ignore the IP dissector stuff and let my
dissector populate the appropiate columns with its own Source and
Destination values, etc.

Is this possible?

Thank you,

Dan
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

References:
- [Wireshark-dev] is it possible to replace Source Destination columns with my own's protocol Destination and Source values?
  - From: Daniel Roman

Prev by Date: [Wireshark-dev] is it possible to replace Source Destination columns with my own's protocol Destination and Source values?
Next by Date: Re: [Wireshark-dev] Voice (RTP stream) quality - mos, delay, bandwidth, ...
Previous by thread: [Wireshark-dev] is it possible to replace Source Destination columns with my own's protocol Destination and Source values?
Next by thread: [Wireshark-dev] Wireshark and SQL
Index(es):
- Date
- Thread