On Sep 8, 2009, at 12:14 PM, Beth wrote:
I'm writing a dissector for a wireless protocol, and would like
Wireshark to keep track of conversations between the various
endpoints.
The catch seems to be that the sniffer includes several additional
protocol layers above the wireless protocol, i.e. Ethernet/IP/UDP,
and the Wireshark conversation table only seems to include those
protocols in the conversation table.
In my dissector, I have added the usual call to find_conversation
followed by if (c==NULL) conversation_new(...), but I'm not seeing
my protocol in the conversation table. What might I be missing here?
What you're missing is the fact that, unfortunately, Wireshark has no
general notion of conversations. :-(
I.e., the infrastructure needed to do what you want doesn't exist. We
should provide a more general notion of conversations, for a number of
reasons.
What identifies the endpoints of your protocol's conversations?
