Hi,
at the moment I am improving an existing Wireshark dissector. For my improvement it is really necessary, that Wireshark processes the incoming frames in a row. This will be done perfectly, if I am starting a new capture.
But for the case, that I am stopping my current capture and starting it at a later point new without rebooting Wireshark, the frames are processed in a arbitrary order. I can check this conduct, with an easy output message to the Debug Console:
printf(“ Frame %u\n “, pinfo->fd->num);
(As far as I know, “pinfo->fd->num” returns the frame number of the current processed frame.)
With this function, I was able to see, that Wireshark jumps between the incoming frames during a running capture. For Example one conduct:
Frame 1 -230 processed in a row à Jump to Frame 1 again à Frame 1 -26 processed in a row à Jump to Frame 64 à
Jump to Frame 1 again à Jump to Frame 205 à next frames have been processed in a row…
I even didn’t click on any frame. I just started and stopped the capture again.
Therefore I wanted to ask, whether this behavior is known and a solution exists, or whether I can force Wireshark to strict process a special Frame with number “XYZ”? It would be nice, if someone could explain me this conduct of Wireshark, after starting
the capture new without closing the program, so that maybe I am able to deal with that conduct on my own.
If it helps to improve comprehension of my problem, I can create a screenshot and share it.
Thanks in advance.
