Wireshark · Ethereal-dev: Re: [Ethereal-dev] TCP stream graph limitations

Ethereal-dev: Re: [Ethereal-dev] TCP stream graph limitations

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>

Date: Mon, 12 Apr 2004 12:40:23 -0700 (PDT)

Christian Falckenberg said:
>> I really like the integration of TCP trace analysis capabilities into
> Ethereal. Unfortunately, the code seems to be dependent on the lower
> layer protocols, so that I get the error message "Selected packet is not
> a TCP segment" if I select a TCP packet where the IP protocol is not on
> top of Ethernet (e.g. "Linux cooked capture" for tcpdumps on PPP
> interfaces on Linux, or for IP on top of GPRS SNDCP).
>
> Is there an easy way to fix this, instead of adding new encapsulation
> types to get_headers in gtk/tcp_graph.c?

I'm not sure how "easy" it is, but the correct way to fix it would
probably be to reimplement it using the tap mechanism, making it a tap for
the TCP dissector.  This might require that some more information be added
to the data structure supplied to taps by the TCP dissector; I don't know
what else would be involved (but I do remember looking at it and deciding
that it wasn't a trivial change, although I no longer remember the issues
involved).

References:
- [Ethereal-dev] TCP stream graph limitations
  - From: Christian Falckenberg

Prev by Date: Re: [Ethereal-dev] A GUI suggestion
Next by Date: Re: [Ethereal-dev] what about a wiki-page for ethereal
Previous by thread: [Ethereal-dev] TCP stream graph limitations
Next by thread: [Ethereal-dev] Cisco PVSTP+ BPDUs
Index(es):
- Date
- Thread