Wireshark mailing list archives
Re: Reading from and writing back to tvbuff
From: Stephen Fisher <steve () stephen-fisher com>
Date: Sat, 15 May 2010 00:09:12 -0600
On Wed, May 12, 2010 at 07:16:17PM +1000, Craig Bumpstead wrote:
Is it ok to read from tvbuff, manipulate the string and write back to it without messing up Wireshark??
No.
I would like my proprietary protocol to show relevant information in "Follow TCP Stream". All it shows at the moment is illegible hex. Is it possible to write code for a dissector / interpreter for "Follow TCP Stream"?
What about writing your own "Follow xxx" feature? A while back, I put a lot of work into separating those functions and source code files into follow_ssl.[ch], follow_tcp.[ch] and follow_udp.[ch] along with follow_stream.[ch] for shared functionality. Some is still in epan/follow.[ch]. It's not as cleaned up as I would like, but it should help make it easier. Follow TCP and UDP take straight text, whereas Follow SSL decrypts the data first. Your addition could decrypt or do whatever you need to to the data and then display it. Let us know if you need some explaination on the current following clode. -- Steve ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Reading from and writing back to tvbuff Craig Bumpstead (May 12)
- Re: Reading from and writing back to tvbuff Jaap Keuter (May 12)
- Re: Reading from and writing back to tvbuff Stephen Fisher (May 14)