Appreciate all your responses.
The protocol for which I am implementing my dissector has messages both that are sent by the client to the server port 50505 and and by the server (from port 50505) to the client. The messages are different in both the directions and each of these messages has a message_id field as the first field whose value is not globally unique. Therefore, it is possible for me to get a Message_X (message_id = 1) going to port 50505 and get a Message_Y (message_id = 1) coming from port 50505. So, in order to dissect/parse the messages correctly, I need the sense of direction.
I added the following to the dissect_foo() function yesterday and I think this is what Abhik is probably referring to as well:
void dissect_foo(tvbuff_t* tvbuf, packet_info* pinfo, proto_tree* tree)
{
if ( (pinfo->ptype != PT_TCP) || (pinfo->destport != 50505) )
return;
/* switch on the message_id and parse the messages */
}
Please let me know if the above is correct.
Thanks,
Vikas
> Date: Sat, 12 Jan 2008 09:39:02 +0400
> From: sarkar.abhik@xxxxxxxxx
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: Re: [Wireshark-dev] Unable to add my dissector for tcp.dstport
>
> On Jan 12, 2008 4:34 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> > That would mean that traffic from TCP port 50505 won't be dissected at
> > all.
> I did write in the initial part of my reply why Vikas should consider dissecting
> packets with source port 50505 as well... This suggestion was for the extreme
> case that he still wants to dissect for destination port 50505 (whatever the
> reason might be).
>
> >
> > (What happens if the traffic happens to be to *and* from port 50505?)
> >
> I must admit I didn't think of this particular case.
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
It's about getting married. Click here! Try it!
|
