Wireshark · Wireshark-dev: Re: [Wireshark-dev] Index of multiple protocol frames in one packet?

Wireshark-dev: Re: [Wireshark-dev] Index of multiple protocol frames in one packet?

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>

Date: Tue, 6 Oct 2015 08:17:53 +0200

2015-10-06 8:07 GMT+02:00 Petr Gotthard <petr.gotthard@xxxxxxxxxx>:

Hello,

Is there a way to distinguish multiple frames of the same protocol in one TCP/IP packet? I have several small AMQP frames which all fit into a single IP frame, so they share a single packet_info structure.When I call p_add_proto_data() for the second AMQP frame, it (obviously) overwrites data stored for the first frame, so I need to distibguish between them somehow.

Is there a counter that would tell me "this is a third AMQP frame in this pinfo"? I found packet_info->curr_layer_num, but this is useful for nested frames (like IP in IP). Is there something similar for groupped frames, please?

Hi Peter,

I'm not sure we have such counter, but https://code.wireshark.org/review/#/c/10579/ suggested the use of tvb_raw_offset as key for p_(add|get)_proto_data() functions which seems a good tradeoff.

Best regards,

Pascal.

Follow-Ups:
- Re: [Wireshark-dev] Index of multiple protocol frames in one packet?
  - From: Jeff Morriss

References:
- [Wireshark-dev] Index of multiple protocol frames in one packet?
  - From: Petr Gotthard

Prev by Date: [Wireshark-dev] Index of multiple protocol frames in one packet?
Next by Date: Re: [Wireshark-dev] Index of multiple protocol frames in one packet?
Previous by thread: [Wireshark-dev] Index of multiple protocol frames in one packet?
Next by thread: Re: [Wireshark-dev] Index of multiple protocol frames in one packet?
Index(es):
- Date
- Thread