Wireshark mailing list archives
Dissector - How to add a new row to display next message payload in next row
From: Joe Leong <jleong () vtmgroup com>
Date: Thu, 2 Aug 2012 21:38:06 +0000
In the Developer's Guide, 9.4.2 How to reassemble split TCP Packets
mentions "You also cannot assume that a TCP packet contains only one application layer message and that the message
header is at the start of your TCP payload. More than one messages can be transmitted in one TCP packet, so that a
message can start at an arbitrary position.".
I have this situation and
Would there be an example that show how to properly display the COL_INFO for the second TCP payload message as a
separate (next) row?
e.g. - Currently, my dissector performs the correction dissection on both messages, but I'm having to display the
information for both messages on the same row within the "Info" column
So it looks like
No. Time Source Destination Protocol Info
1 232.1 10.1.1.1 10.1.1.2 XXXX DOG CAT
What do I see to do to make the presentation look like
No. Time Source Destination Protocol Info
1 232.1 10.1.1.1 10.1.1.2 XXXX DOG
CAT
or even
No. Time Source Destination Protocol Info
1 232.1 10.1.1.1 10.1.1.2 XXXX DOG
1 232.1 10.1.1.1 10.1.1.2 XXXX CAT
or perhaps
No. Time Source Destination Protocol Info
1 232.1 10.1.1.1 10.1.1.2 XXXX DOG
2 232.1 10.1.1.1 10.1.1.2 XXXX CAT
Basically, how do I allocate and display information to the next row from within my dissector?
Thanks,
Joe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Dissector - How to add a new row to display next message payload in next row Joe Leong (Aug 03)