Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Filtering

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 31 Mar 2009 15:21:28 -0700

On Mar 31, 2009, at 1:19 PM, gogrady@xxxxxxxxx wrote:

I have read through both of those, though i probably should do it again now that i know more. But maybe I'm just confused on how the others are outputted. right now i add to the tree with:

time = (_GetMsgTime)();
pi = proto_tree_add_text(icom_message_tree, tvb, 0, 0, "Time: %s", time);

Wireshark expects to be handed a raw blob of binary packet data, and to *itself* fetch values from that blob and generate *its own* human- readable descriptions, so that it can do more with fields in packets than just display them to the user.

If your DLL is handed the raw blob, and returns only human-readable descriptions of fields, it's not going to work very well in a Wireshark dissector.