Wireshark · Wireshark-dev: Re: [Wireshark-dev] How to modify existing RTP conversation?

Wireshark-dev: Re: [Wireshark-dev] How to modify existing RTP conversation?

From: Jirka Novak <j.novak@xxxxxxxxxxxx>

Date: Mon, 9 Jan 2017 10:50:10 +0100

Hi,

  did I made wrong code analysis and root cause is somewhere else?

>> I would like to know where this is done:
>>
>>  I analysed the code and found that for #1 is created "full"
>> conversation (full = SRC_IP:SRC_PORT <-> DST_IP:DST_PORT) with UDP as
>> protocol.
>>
>> because that sounds questionable. 
> 
> packet_udp.c: dissect() calls find_or_create_conversation(pinfo) for
> every packet. When packet is new (#1 in my example), it creates new full
> conversation just for UDP layer.
> Conversation is created as full/bidirectional, I checked it with enabled
> DEBUG_CONVERSATION.

						Sincerely yours,

							Jirka Novak

References:
- [Wireshark-dev] How to modify existing RTP conversation?
  - From: Jirka Novak
- Re: [Wireshark-dev] How to modify existing RTP conversation?
  - From: Jaap Keuter
- Re: [Wireshark-dev] How to modify existing RTP conversation?
  - From: Jirka Novak

Prev by Date: Re: [Wireshark-dev] Remote Control Plugin - Can I submit to the Wireshark project
Next by Date: [Wireshark-dev] What is different in compilation/linking of tshark and wireshark?
Previous by thread: Re: [Wireshark-dev] How to modify existing RTP conversation?
Next by thread: [Wireshark-dev] Protocols vs dissectors, take 23
Index(es):
- Date
- Thread