I am writing a dissector for a protocol where a packet contains several different kinds of internal msgs and has 0-N instances of each kind of internal message. I am trying to figure out the best way to set up the etts. (I am new to writing dissectors so maybe I am thinking about it all wrong)

So within a packet there are message of Type (A,B,C)

Just for a simple example A has 2 ints, B has 2 floats, C has one int

In this example packet we receive 2 A’s, 1 Bs, and 0 C’s (keep in mind the next packet might be 5 A’s ,0 B’s , 3C’s)

So a given tree might look like this

Protocol

+-A

 |  +-A[0]

 |   |  + -int 1 = 1

 |   |  +- int 2 = 2

 |   +-A[1]

 |   |  + -int 1 = 3

 |   |  +- int 2 = 4

+-B

   +-B[0]

       +- float 1 = 5.0

       +- float 2 = 6.0

Keep in mind the index for A and B are irrelevant to the data inside them…so int 1 and int 2 might form an “ID” for the A data and float 1 might form an “ID” for the B data.

Sorry to talk in abstract I am just trying to not muddle the problem by bringing in my particular Object Model.

For now I have an ett value for A, and for B so if you expand just A[0] as you click the other packets youll expand all A[*] trees. It’s a little ugly especially when lists get long. Does any one know of a good example that solves this kind of problem? Am I doing something really dumb?

Thanks,

Jim