Ethereal-dev: Re: [Ethereal-dev] Non-TCP conversations ?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 17 Dec 2002 03:12:22 -0800

On Tue, Dec 17, 2002 at 11:55:54AM +0100, Marc Van Riet wrote:
> I thought that we could use the 'Follow TCP Stream' and 'TCP Stream 
> Analysis' options in the 'Tools' menu if conversations were defined in 
> our dissector (with conversation_new() and find_conversation() ), but 
> apparently this is not so.
> 
> What would I have to do to be able to use these options ?

Use TCP rather than a proprietary protocol that runs directly atop
Ethernet.  If your packets aren't TCP packets, they obviously do not
belong to a TCP stream, and obviously "Follow TCP Stream" and "TCP
Stream Analysis" won't work on them.

> What is the use of conversations if not for following (TCP) streams ?

The use of conversations is for keeping track of the packets that belong
to a "conversation", as defined by a source and destination addresses
and "port numbers", with some options for wildcarding, for whatever
reason a particular dissector would want.

Some dissectors for protocols running atop TCP might set up
conversations for their own purposes.  The same is true for protocols
*not* running atop TCP.
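
Added example, not part of the original message and not Ethereal's conversation code: a simplified C model of a conversation table keyed by two addresses and two "port numbers", with optional wildcarding of the second endpoint, usable for a protocol that runs directly atop Ethernet. The names `conv_new`, `conv_find`, `WILD_ADDR2` and `WILD_PORT2` are hypothetical and only loosely mirror `conversation_new()` and `find_conversation()`.

```c
/* Simplified model of a conversation table; not Ethereal's implementation. */
#include <stdint.h>
#include <string.h>

#define WILD_ADDR2 0x1u   /* hypothetical flag: second address matches anything */
#define WILD_PORT2 0x2u   /* hypothetical flag: second "port" matches anything */
#define MAX_CONV   16

typedef struct {
    uint8_t  addr1[6], addr2[6];  /* endpoint addresses (Ethernet MACs here) */
    uint32_t port1, port2;        /* "port numbers": any per-protocol endpoint id */
    unsigned options;             /* wildcard flags; 0 means fully specified */
    unsigned packets;             /* example of state a dissector might keep */
} conv_t;

static conv_t conv_table[MAX_CONV];
static unsigned n_conv;

conv_t *conv_new(const uint8_t *a1, const uint8_t *a2, uint32_t p1, uint32_t p2, unsigned opts)
{
    if (n_conv == MAX_CONV) return NULL;
    conv_t *c = &conv_table[n_conv++];
    memset(c, 0, sizeof *c);
    memcpy(c->addr1, a1, 6);
    if (!(opts & WILD_ADDR2)) memcpy(c->addr2, a2, 6);
    c->port1 = p1;
    c->port2 = (opts & WILD_PORT2) ? 0 : p2;
    c->options = opts;
    return c;
}

/* Does a packet from (a,pa) to (b,pb) match c, honouring c's wildcards? */
static int one_way(const conv_t *c, const uint8_t *a, uint32_t pa, const uint8_t *b, uint32_t pb)
{
    if (memcmp(c->addr1, a, 6) != 0 || c->port1 != pa) return 0;
    if (!(c->options & WILD_ADDR2) && memcmp(c->addr2, b, 6) != 0) return 0;
    if (!(c->options & WILD_PORT2) && c->port2 != pb) return 0;
    return 1;
}

/* Look up a packet in either direction; a fully specified entry beats a wildcarded one. */
conv_t *conv_find(const uint8_t *src, const uint8_t *dst, uint32_t sp, uint32_t dp)
{
    conv_t *best = NULL;
    for (unsigned i = 0; i < n_conv; i++) {
        conv_t *c = &conv_table[i];
        if (!one_way(c, src, sp, dst, dp) && !one_way(c, dst, dp, src, sp)) continue;
        if (!best || c->options < best->options) best = c;
    }
    return best;
}
```

Nothing in the lookup depends on TCP: the key is only addresses and endpoint identifiers, which is why the same mechanism serves dissectors above or outside TCP.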