
Wireshark-dev: Re: [Wireshark-dev] Accessing prior packets in Lua

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Wed, 16 Sep 2009 12:23:39 +1000
Beth,

The way you need to do it (in my view) would be to create a data structure that would store away the data you expect to need (obviously for your case the IP address, ports, seq number and time of capture).

Then for every response you see, you need to check through your list of stored data, and find the data you stored away, and insert it into the current packet's tree. Obviously this only works if you are looking backwards.

(A TCP conversation is uniquely identified now (in recent versions) by the tcp.stream, so that can help a lot in what you need to save).

(To reference forward you would have to hold off on the full dissection of the current packet until you see the future packet - don't know if this can be done easily with the Lua API)

Regards, Martin

MartinVisser99@xxxxxxxxx


On Wed, Sep 16, 2009 at 12:17 AM, Beth <beth.tridium@xxxxxxxxx> wrote:
Thanks Martin, I've been looking at that page among others.  They have been some help in getting my Lua program to process the current packet. 

But I still haven't seen anything that helps me add to the display tree of a different packet from the one I'm processing at the moment.

I think I should look more closely at the fragment reassembly C code, and see what it does there.



On Tue, Sep 15, 2009 at 3:55 AM, Martin Visser <martinvisser99@xxxxxxxxx> wrote:
Beth,

I actually was writing something similar a while back (for HTTP traffic) but never quite got it finished. (I was trying to figure out the best way to store the info I need for each packet so that I could do the association to calc the response times).

Anyway, to display and add items to a tree have a look at the chained dissector code in http://wiki.wireshark.org/Lua/Dissectors. This mostly seems to work.

(You have given me some incentive to start looking again at Lua, I'd certainly like to see any code that you have got working)

Regards, Martin

MartinVisser99@xxxxxxxxx


On Tue, Sep 15, 2009 at 5:50 AM, Beth <beth.tridium@xxxxxxxxx> wrote:
In my Lua program, I am analyzing how long it takes certain packets to be acked.  I can calculate the information once I get the ack packet, but what I would really like to do is to add the "time to ack" (or "never acked") data to the tree for the original packet.  I know this can be done in C, since the Wireshark fragment reassembly does it very nicely, but can it also be done from Lua?
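
Added example, not code from this thread or from the Wireshark project: a Lua post-dissector that follows the approach described above, storing each data segment per tcp.stream and direction, then matching it when a covering ACK arrives. The protocol name `acktime` and its field names are hypothetical; showing the result on the original packet assumes Wireshark dissects that packet again after the first sequential pass (`pinfo.visited` is true), as it does when a packet is selected in the GUI.

```lua
-- Added example (not from the thread): time-to-ack post-dissector.
local ack_time = Proto("acktime", "Time To Ack (example)")  -- hypothetical name
local f_delta = ProtoField.double("acktime.delta", "Seconds until acked")
local f_frame = ProtoField.framenum("acktime.ack_frame", "Acked in frame")
ack_time.fields = { f_delta, f_frame }

-- Extractors for values produced by the built-in TCP dissector.
local tcp_stream   = Field.new("tcp.stream")
local tcp_srcport  = Field.new("tcp.srcport")
local tcp_dstport  = Field.new("tcp.dstport")
local tcp_seq      = Field.new("tcp.seq")
local tcp_ack      = Field.new("tcp.ack")
local tcp_len      = Field.new("tcp.len")
local tcp_flag_ack = Field.new("tcp.flags.ack")

local pending = {}  -- pending[stream:srcport][seq + len] = { frame, ts }
local acked   = {}  -- acked[data frame number] = { delta, ack_frame }

-- Reset state whenever a capture is (re)loaded.
function ack_time.init() pending, acked = {}, {} end

function ack_time.dissector(tvb, pinfo, tree)
    local stream = tcp_stream()
    if not stream then return end              -- not a TCP packet
    if not pinfo.visited then                  -- first pass only: fill the tables
        local sid, len, ack = stream.value, tcp_len(), tcp_ack()
        if len and len.value > 0 then          -- remember segments that carry data
            local key = sid .. ":" .. tcp_srcport().value
            pending[key] = pending[key] or {}
            pending[key][tcp_seq().value + len.value] =
                { frame = pinfo.number, ts = pinfo.rel_ts }
        end
        if ack and tcp_flag_ack().value then   -- look backwards at the peer's data
            local rev = pending[sid .. ":" .. tcp_dstport().value] or {}
            for next_seq, seg in pairs(rev) do
                if next_seq <= ack.value then  -- cumulative ACK covers this segment
                    acked[seg.frame] = { delta = pinfo.rel_ts - seg.ts,
                                         ack_frame = pinfo.number }
                    rev[next_seq] = nil        -- clearing during pairs() is allowed
                end
            end
        end
    end
    local hit = acked[pinfo.number]            -- set once the ACK has been seen
    if hit then
        local sub = tree:add(ack_time)
        sub:add(f_delta, hit.delta)
        sub:add(f_frame, hit.ack_frame)
    end
end

register_postdissector(ack_time)
```

A segment with no entry in `acked` after the whole capture has been read was never acknowledged within it. Retransmissions overwrite the stored entry for the same sequence range and sequence-number wraparound is not handled.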


