Wireshark-dev: Re: [Wireshark-dev] Disectors & conversations
From: Jaap Keuter <[email protected]>
Date: Wed, 21 Jun 2006 19:13:26 +0200 (CEST)
Hi,

Technically the TCP ACK only packet isn't part of your protocol, it's an
underlying mechanism that transports the data for you. The whole idea of
protocol layers is that they are independent, it should be possible to
replace TCP with another stream protocol and your application still works.
Think of UNIX sockets for instance. That is why you shouldn't be concerned
with that in relation to your protocol.

Thanx,
Jaap

On Wed, 21 Jun 2006, Cook, Timothy wrote:

> Isn't it true that myDissector only gets called if the TCP data length >
> 0?  Therefore, a TCP ACK (data length = 0) will not cause
> myDissector to be called.
>
> I'm new to this whole process!
>
> -Tim
>
>
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]] On Behalf Of Jaap Keuter
> > Sent: Wednesday, June 21, 2006 11:59 AM
> > To: Developer support list for Wireshark
> > Subject: Re: [Wireshark-dev] Disectors & conversations
> >
> > Hi,
> >
> > How about
> >
> >       if (check_col(pinfo->cinfo, COL_PROTOCOL))
> >       {
> >         col_set_str(pinfo->cinfo, COL_PROTOCOL, "myProtocol" );
> >       }
> >
> > Thanx,
> > Jaap
> >
> > On Wed, 21 Jun 2006, Cook, Timothy wrote:
> >
> > > We have written a new dissector for Wireshark.  Using the
> > > README.developer (plus other dissector examples) made the creation
> > > very simple (thanks for the detailed info).
> > >
> > > My dissector hooks TCP port 1000.
> > >
> > > How can I hook TCP packets (SYN/FIN/RST/...) and change the Protocol
> > > column data to mimic the respective dissector?
> > >
> > > I want to be able to filter based on the protocol & get the whole
> > > conversation, including the channel open & close.
> > >
> > >
> > > -Tim
> > >
> >
> > _______________________________________________
> > Wireshark-dev mailing list
> > [email protected]
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
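An added example, not from either poster and not Wireshark code: as the thread discusses, the application dissector only sees segments that carry data, so one way to get the whole conversation, including channel open and close, is to select by TCP endpoint pair rather than by the Protocol column. The packet records are constructed, and `conversation_key`, `dissector_frames` and `select_conversations` are hypothetical names.

```python
from collections import defaultdict

APP_PORT = 1000  # port the dissector in the thread is registered on

# Constructed sample capture:
# (frame, src, sport, dst, dport, tcp_flags, payload_len)
PACKETS = [
    (1, "10.0.0.5", 40000, "10.0.0.9", 1000, "S", 0),
    (2, "10.0.0.9", 1000, "10.0.0.5", 40000, "SA", 0),
    (3, "10.0.0.5", 40000, "10.0.0.9", 1000, "A", 0),
    (4, "10.0.0.5", 40000, "10.0.0.9", 1000, "PA", 24),
    (5, "10.0.0.9", 1000, "10.0.0.5", 40000, "A", 0),
    (6, "10.0.0.9", 1000, "10.0.0.5", 40000, "PA", 12),
    (7, "10.0.0.5", 40000, "10.0.0.9", 1000, "FA", 0),
    (8, "10.0.0.9", 1000, "10.0.0.5", 40000, "FA", 0),
    (9, "10.0.0.5", 40000, "10.0.0.9", 1000, "A", 0),
    (10, "10.0.0.7", 51000, "10.0.0.9", 22, "S", 0),    # other service
    (11, "10.0.0.8", 42000, "10.0.0.9", 1000, "S", 0),  # refused, no data
    (12, "10.0.0.9", 1000, "10.0.0.8", 42000, "RA", 0),
]

def conversation_key(pkt):
    """Direction-independent key: both directions map to the same tuple."""
    _, src, sport, dst, dport, _, _ = pkt
    return tuple(sorted([(src, sport), (dst, dport)]))

def dissector_frames(packets, port=APP_PORT):
    """Frames an application dissector would be handed: payload only."""
    return [p[0] for p in packets if port in (p[2], p[4]) and p[6] > 0]

def select_conversations(packets, port=APP_PORT, require_payload=False):
    """Frame numbers per conversation on `port`, SYN/FIN/RST/ACK included."""
    convs = defaultdict(list)
    has_payload = set()
    for p in packets:
        if port not in (p[2], p[4]):
            continue
        key = conversation_key(p)
        convs[key].append(p[0])
        if p[6] > 0:
            has_payload.add(key)
    return {k: v for k, v in convs.items()
            if not require_payload or k in has_payload}

if __name__ == "__main__":
    print("dissector sees:", dissector_frames(PACKETS))
    for key, frames in select_conversations(PACKETS).items():
        print(key, frames)
```

In Wireshark itself the same selection is a display filter such as `tcp.port == 1000`, or `tcp.stream eq N` for a single conversation.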