Wireshark-dev: Re: [Wireshark-dev] Undissected packet bytes
From: Michal Labedzki <[email protected]>
Date: Wed, 4 Feb 2015 09:46:43 +0100
I use expert info about undecoded thing in Bluetooth dissectors.

In proto.h:
/** The data is undecoded, the protocol dissection is incomplete here,
usually PI_WARN severity */
#define PI_UNDECODED            0x05000000

But I use it with PI_NOTE, because I treat PI_WARN more like a "bug"
rather than incomplete dissections.

On 3 February 2015 at 23:52, Alexis La Goutte <[email protected]> wrote:
> There is some dissector (like ICMPv6, IEEE 802.11 or CAPWAP...)
>
> where there is already expert info about undecoded code...
>
>
> On Tue, Feb 3, 2015 at 6:15 PM, Evan Huus <[email protected]> wrote:
>>
>> As far as I know this is not currently available, but it would
>> probably be fairly useful and easy. You just need to iterate the proto
>> tree and keep track of which byte ranges are claimed/unclaimed.
>> proto_find_field_from_offset does something related to this (it is
>> used for matching bytes to fields in the UI) so it's probably a good
>> place to start.
>>
>> On Tue, Feb 3, 2015 at 12:08 PM, Dario Lombardo
>> <[email protected]> wrote:
>> > Hi list
>> > I was wondering if there is a comfortable way to find out undissected
>> > bytes
>> > in packets. This would be useful to find incomplete dissectors.
>> > Any hint?
>> > Thanks!
>> > Dario.
>> >
>> >
>> > ___________________________________________________________________________
>> > Sent via:    Wireshark-dev mailing list <[email protected]>
>> > Archives:    http://www.wireshark.org/lists/wireshark-dev
>> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>> >
>> > mailto:[email protected]?subject=unsubscribe
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <[email protected]>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>
>> mailto:[email protected]?subject=unsubscribe
>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:[email protected]?subject=unsubscribe



-- 

Pozdrawiam / Best regards
-------------------------------------------------------------------------------------------------------------
Michał Łabędzki, Software Engineer
Tieto Corporation

Product Development Services

http://www.tieto.com / http://www.tieto.pl
---
ASCII: Michal Labedzki
location: Swobodna 1 Street, 50-088 Wrocław, Poland
room: 5.01 (desk next to 5.08)
---
Please note: The information contained in this message may be legally
privileged and confidential and protected from disclosure. If the
reader of this message is not the intended recipient, you are hereby
notified that any unauthorised use, distribution or copying of this
communication is strictly prohibited. If you have received this
communication in error, please notify us immediately by replying to
the message and deleting it from your computer. Thank You.
---
Please consider the environment before printing this e-mail.
---
Tieto Poland spółka z ograniczoną odpowiedzialnością z siedzibą w
Szczecinie, ul. Malczewskiego 26. Zarejestrowana w Sądzie Rejonowym
Szczecin-Centrum w Szczecinie, XIII Wydział Gospodarczy Krajowego
Rejestru Sądowego pod numerem 0000124858. NIP: 8542085557. REGON:
812023656. Kapitał zakładowy: 4 271500 PLN