Re: Incorrect decoding at first time, then filtering at the second time corrects the decoding

[Guy Harris <guy () alum mit edu>]

On Dec 8, 2010, at 9:22 AM, Andreas wrote:

> Am 08.12.2010 17:14, schrieb Stephen Fisher:
> > On Wed, Dec 08, 2010 at 12:29:40PM +0530, Vishal Kumar Singh wrote:
> >
> > The best solution is to keep track of the information from previous
> > packets only on the first pass and store the data on a per-conversation
> > and per-packet basis.
>
> I know already the conversion-data. But what is the intension of the 
> per-packet data? Usually I have the raw data available with the tvb.

The raw data might not be fully dissectable without some further information.

For example, in an SMTP connection, some packets going from the client to the server contain commands and some contain 
mail-message data; Wireshark dissects them differently, and it has to attach to a given packet an indication of whether 
it contains commands or mail-message data.  In addition, to handle STARTTLS, it *also* has to indicate whether the 
packet contains TLS-encapsulated SMTP, rather than unencapsulated commands or mail-message data.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe