Wireshark · Wireshark-dev: Re: [Wireshark-dev] Meaning of packet_info.p2p

Wireshark-dev: Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ?

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 19 Jun 2009 14:39:08 -0700


On Jun 19, 2009, at 9:25 AM, Jeff Morriss wrote:

Well, I don't know if it's the same for all protocols, but it'susually
set to one of these defines:

epan/packet_info.h:#define P2P_DIR_UNKNOWN      -1

...which means "there's not enough information in the file todetermine the direction".

epan/packet_info.h:#define P2P_DIR_SENT 0
epan/packet_info.h:#define P2P_DIR_RECV 1
epan/packet_info.h:#define P2P_DIR_UL   0
epan/packet_info.h:#define P2P_DIR_DL   1

It's useful in protocols when you know you're the sender or thereceiver

(and that makes a difference when dissecting).

Although, in some places, it just matters whether the traffic is going"to the left" or "to the right"; if, for example, the capture comesfrom a passive tap, you're *a* receiver for all of it, but you stillmight be able to tell the difference between the two directions.

For some protocols, where you have a network endpoint communicatingwith a network (ISDN, for example), "sent" should probably mean "userto network" and "received" should probably mean "network to user".

Follow-Ups:
- Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ?
  - From: Michael Lum

References:
- [Wireshark-dev] Meaning of packet_info.p2p_dir ?
  - From: Michael Lum
- Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ?
  - From: Jeff Morriss

Prev by Date: Re: [Wireshark-dev] Raw Fibre Channel dissector
Next by Date: Re: [Wireshark-dev] Raw Fibre Channel dissector
Previous by thread: Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ?
Next by thread: Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ?
Index(es):
- Date
- Thread