Wireshark-dev: Re: [Wireshark-dev] is it possible to replace Source Destination columns with my
From: "Abhik Sarkar" <[email protected]>
Date: Tue, 6 Nov 2007 21:18:57 +0400
I think so. You need to look at epan/address.h. If your source and destination address type is already covered by one of the types defined in there, then you just be able to call the SET_ADDRESS macro in pinfo->src and pinfo->dst from your dissector. If the type is not covered, then you need to do what is written in address.h to add a new type and then call SET_ADDRESS from your dissector.
I haven't ever tried this myself, so can't guarantee that it will work... but looking at some of the other dissectors, I think this is the way to do it.
Hope this helps
On Nov 6, 2007 7:58 PM, Daniel Roman <[email protected]> wrote:

I'm writing a dissector for a protocol which lies under the IP
protocol. Therefore the protocol stack looks like,
The protocol I'm trying to dissect has it's own Source and Destination
values different thant the ones the IP header provides. I would like
to ignore the Source and Destination that the IP protocol provides to
wireshark, so that when I run the Flow Graph option under the
statistics menu I could observe my protocols source and destination
values instead of the IP protocol's source/dest.

I was succesfull on writing to the Info column, but I haven't found a
way to write to the Source and Destination column.

Ideally I would like to ignore the IP dissector stuff and let my
dissector populate the appropiate columns with its own Source and
Destination values, etc.

Is this possible?

Thank you,

