Wireshark · Ethereal-dev: Re: [Ethereal-dev] Tapping

Ethereal-dev: Re: [Ethereal-dev] Tapping

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>

Date: Thu, 30 Sep 2004 19:35:50 -0700 (PDT)

ronnie sahlberg said:
>> Is it possible to write a tapping for an existing protocol without
>> making any changes on the source code (Assuming that the protocol
doesn't have
>> a tap device installed on it.)?
> No

Couldn't a tap just get the protocol tree and process that?  (That might
not supply enough information, and the protocol tree is somewhat of a pain
to process, but if he really wants to build a tap for an existing protocol
without modifying the dissector, that's about all he can do....)

>> 2nd question
>> This may be kind of a dumb question but is it possible to call a
>> dissectorY
>> from a tap for dissectorX? If so, how?
> No

...because the dissection and the taps are done in separate passes.  By
the time the taps are called, the dissection is complete and dissectors
can't be called.

Follow-Ups:
- Re: [Ethereal-dev] Tapping
  - From: ronnie sahlberg

References:
- [Ethereal-dev] Tapping
  - From: Luis Monge
- Re: [Ethereal-dev] Tapping
  - From: ronnie sahlberg

Prev by Date: [Ethereal-dev] [PATCH] Dissect EAP-FAST
Next by Date: Re: [Ethereal-dev] Tapping
Previous by thread: Re: [Ethereal-dev] Tapping
Next by thread: Re: [Ethereal-dev] Tapping
Index(es):
- Date
- Thread