Anergy Virt wrote:
I want to run dissector on certain packets in the stream of packets.
What is the ultimate goal you are trying to accomplish here?
Is
it possible to store the pointers to packet data and call dissector
later for those packets only?
No.
or the only possibility is to store myself those packets or dissected
information as they arrive?
If you need information from packets earlier in the capture, you need to
store that information the first time the packets are dissected.
(Wireshark apparently seems to store raw packet data because dissector
is called whenever one clicks on the tree in UI...am I right?)
No. The raw packet data is stored in the capture file, not in memory.
(*Reassembled* packets are *currently* stored in memory, but that is
*NOT* a feature, it's just a characteristic of the implementation, and
if we can, in the future, arrange that they not be stored in memory any
longer than they have to be, we will do so, as that could significantly
improve Wireshark's and TShark's memory footprint.)
