Wireshark-dev: Re: [Wireshark-dev] Enhancement to Flow graph in Wireshark

From: "BANDARU, Govindarao (Govindarao)" <govindarao@xxxxxxxxxxxxxxxxxx>
Date: Thu, 11 Jun 2009 16:24:00 +0530
Didier,
    Thanks a lot for the quick response. I will give it a try now.
    Where can I see the text output of the flow graph? Please let me know.

Thanks,
Govind

-----Original Message-----
From: didier [mailto:dgautheron@xxxxxxxx] 
Sent: Tuesday, June 09, 2009 9:00 PM
To: Developer support list for Wireshark
Cc: BANDARU, Govindarao (Govindarao)
Subject: Re: [Wireshark-dev] Enhancement to Flow graph in Wireshark

Hi,
On Tuesday 09 June 2009 at 11:55 +0530, BANDARU, Govindarao (Govindarao)
wrote:
> Hi All,
> 
>    I have a request for you. I need your help/suggestions for the
> following issue on flow graph in Wireshark. 
> 
>   We have a feature called 'flow graph' in Wireshark, as you know. It
> shows messages in a call flow among each entity with an IP address. We
> can name each IP address with an entity name through the hosts file. This
> is fine where each entity (NE, network element) has a single IP address
> for each interface.
> 
>   But the issue is when each NE (Network Element) has different IP
> addresses for the interface. For example, one NE (XX) will have
> different IP addresses for different interfaces. So in Wireshark,
> in the hosts file, even if we define the same host name (NE, XX) for
> different IP addresses, it will not plot a flow showing one
> entity (NE, XX). It will generate a flow showing different entities (XX).
> Can you please suggest how to implement this enhancement where we
You have to modify at least:
gtk/flow_graph.c
gtk/graph_analysis.c
gtk/graph_analysis.h

and maybe files including graph_analysis.h if you changed structure
definitions.

You need a new node type, i.e. hostname, and modify the logic each time
you're seeing CMP_ADDRESS, COPY_ADDRESS.
You can get an IP hostname with the Wireshark function get_addr_name().

> can see the correct flow graph for this? How much time will it take to
> implement this in Wireshark?
With testing? At most half a day.

>   One more thing: can we save the flow in a readable format (could be
> in pdf format)?
There's a text output, no idea if it's readable though :)

Didier
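
The node-merging idea described above, as an added example that is not Wireshark code and not part of the original thread: graph columns are keyed by resolved hostname instead of by address, so several interface addresses of one NE share a column. The hosts table, the addresses, and the helpers `resolve_name`, `node_for` and `count_columns` are hypothetical; a real change would use get_addr_name() at the CMP_ADDRESS/COPY_ADDRESS sites in the files named above.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NODES 10

/* Constructed hosts-file entries: NE "XX" owns two interface addresses. */
static const char *hosts[][2] = {
    {"10.0.0.1", "XX"}, {"10.0.1.1", "XX"}, {"10.0.0.2", "YY"},
};

/* Hypothetical name lookup: hostname if known, else the address text. */
static const char *resolve_name(const char *ip) {
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        if (strcmp(hosts[i][0], ip) == 0) return hosts[i][1];
    return ip;
}

struct graph { const char *nodes[MAX_NODES]; int n; };

/* Find or add the column for an endpoint. by_name=0 compares addresses
 * (one column per IP); by_name=1 compares resolved names (one per NE). */
static int node_for(struct graph *g, const char *ip, int by_name) {
    const char *key = by_name ? resolve_name(ip) : ip;
    for (int i = 0; i < g->n; i++)
        if (strcmp(g->nodes[i], key) == 0) return i;
    if (g->n == MAX_NODES) return -1;  /* table full */
    g->nodes[g->n] = key;
    return g->n++;
}

/* Constructed capture: source and destination address of each message. */
static const char *msgs[][2] = {
    {"10.0.0.1", "10.0.0.2"}, {"10.0.0.2", "10.0.1.1"}, {"10.0.1.1", "192.0.2.9"},
};

/* Build the graph and return the number of columns it would draw. */
int count_columns(int by_name) {
    struct graph g = { {0}, 0 };
    for (size_t i = 0; i < sizeof msgs / sizeof msgs[0]; i++) {
        node_for(&g, msgs[i][0], by_name);
        node_for(&g, msgs[i][1], by_name);
    }
    return g.n;
}

int main(void) {
    printf("columns by address:  %d\n", count_columns(0));
    printf("columns by hostname: %d\n", count_columns(1));
    return 0;
}
```

An address with no hosts entry falls back to its address text, so unnamed endpoints still get their own column.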
