
Ethereal-dev: Re: [Ethereal-dev] LEGO: How acces to a previous pdu data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Thu, 26 Jan 2006 14:21:05 -0800 (PST)
Jose M. Pardo wrote:
> I have to dissect a PDU_B according to some data stored in a previous PDU_A.
>
> How can I access this data?

By having the dissector for PDU A save that data somewhere that PDU B can
access.

Are PDUs A and B PDUs for the same protocol?

What fields in PDUs A and B relate them?  Is PDU B a response to PDU A, so
that, for example, there's a transaction ID field in PDU A and PDU B,
which have the same value in a request and in a response to the request?

> One step beyond..if I apply a filter and the PDU_A is hidden. Can I fetch
> those data or are they unavailable?

The data would be stored in some data structure when the capture is first
read in; it's irrelevant whether the PDU from which that data came is
displayed at the time that you look at the other PDU, it'll still be
available.

> Is there a protocol dissector in the source code that works in this way?

For the "PDU B is a response to PDU A" case, look at, for example, the ONC
RPC dissector (packet-rpc.c) - the request and response both contain a
transaction ID (XID), but only the request contains the program, version,
and procedure number of the request, so, in order to dissect the response,
you have to get the program, version, and procedure number from the
request.  That information is stored in a hash table, using the
transaction ID and some indication of what packet flow (TCP connection,
UDP packet exchange) the transaction was in.
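
Added example, not part of the original message and not code from packet-rpc.c: a self-contained C sketch of the request/response matching described above, keyed on the flow plus the transaction ID so that the same XID on two different flows does not collide. The names `call_info`, `flow_id`, `save_call` and `find_call` are hypothetical and are not Ethereal APIs.

```c
#include <stdint.h>
#include <stdlib.h>

#define NBUCKETS 64

/* Data only the request (PDU A) carries, saved for its reply (PDU B). */
struct call_info {
    uint32_t flow_id;        /* which TCP connection / UDP exchange (assumed id) */
    uint32_t xid;            /* transaction ID, present in both PDUs */
    uint32_t prog, vers, proc;
    uint32_t req_frame;      /* frame number of the request */
    struct call_info *next;  /* bucket chain */
};

static struct call_info *table[NBUCKETS];

static unsigned bucket_of(uint32_t flow_id, uint32_t xid) {
    return (flow_id * 2654435761u ^ xid) % NBUCKETS;
}

/* Reply side: NULL means no matching request was captured, so the
   caller has to dissect the reply without the request's fields. */
struct call_info *find_call(uint32_t flow_id, uint32_t xid) {
    struct call_info *ci = table[bucket_of(flow_id, xid)];
    while (ci != NULL && (ci->flow_id != flow_id || ci->xid != xid))
        ci = ci->next;
    return ci;
}

/* Request side: insert, or overwrite when the same key is seen again
   (retransmission, or the capture being dissected a second time). */
int save_call(uint32_t flow_id, uint32_t xid, uint32_t prog,
              uint32_t vers, uint32_t proc, uint32_t frame) {
    struct call_info *ci = find_call(flow_id, xid);
    if (ci == NULL) {
        unsigned b = bucket_of(flow_id, xid);
        ci = malloc(sizeof *ci);
        if (ci == NULL)
            return -1;
        ci->flow_id = flow_id;
        ci->xid = xid;
        ci->next = table[b];
        table[b] = ci;
    }
    ci->prog = prog; ci->vers = vers; ci->proc = proc;
    ci->req_frame = frame;
    return 0;
}
```

Because the table is filled when the request is dissected and is independent of what is displayed, `find_call` still succeeds for a reply whose request is hidden by a display filter.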