Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Index of multiple protocol frames in one packet?

From: Petr Gotthard <petr.gotthard@xxxxxxxxxx>
Date: Tue, 06 Oct 2015 08:07:08 +0200
Hello,

Is there a way to distinguish multiple frames of the same protocol in one TCP/IP packet? I have several small AMQP frames which all fit into a single IP frame, so they share a single packet_info structure.When I call p_add_proto_data() for the second AMQP frame, it (obviously) overwrites data stored for the first frame, so I need to distibguish between them somehow.

Is there a counter that would tell me "this is a third AMQP frame in this pinfo"? I found packet_info->curr_layer_num, but this is useful for nested frames (like IP in IP). Is there something similar for groupped frames, please?


Thanks,
Petr