
Wireshark-dev: Re: [Wireshark-dev] New protocol dissectors developments in Wireshark

From: "Peter Johansson" <peterjohansson73@xxxxxxxxx>
Date: Thu, 18 Sep 2008 07:45:03 +0200
2008/9/17 Gaurav1 Jain <gaurav1.jain@xxxxxx>

Hello Guys,

We have planned to plug a new dissector into the already available family of dissectors in Wireshark (Linux).

A very brief idea is that Libpcap will be capturing packets (around 160-180 bytes) every 20 milliseconds from interfaces and will be providing the same to the dissector.

There will be some significant number of interfaces available for such operation.

Can anyone please let me know if it is a possibility that dissection of packets may take significant time (considering the complex nature of the protocol) and capturing takes a back seat and some packets may get dropped? Is there a possibility that capturing is always on (at the highest priority) and whenever time is available dissection and display activities may be carried out?

Please provide your valuable feedback.

Regards,

Gaurav

 

Hi Gaurav,
 
Protocol dissection can surely take some time, and it is a bit hard to answer exactly how long it will take since it also depends on the performance of the computer you have at hand (of course).
However, currently as far as I know, you cannot delay displaying dissected data if the display option was turned on when you started your capture session. However, why not just capture data, not displaying the dissected results while capturing, and instead display them when you have stopped your capture? Is that not an option?

On the other hand, dissecting data of your intended packet size (roughly peaking at 180 bytes) once every 20ms should generally not be a problem with any modern, or even not-so-modern, computer.
 
Regards, Peter