Re: Conversation tracking

[Stephen Fisher <steve () stephen-fisher com>]

---- On Fri, 11 May 2012 08:30:03 -0600 Tobias Weiss  wrote ---- 

> Right now I'm puzzled: I wanted to use conversation tracking in order to save information about the state of the 
> communication across packet dissection. 
>
> The dissector is called completely out of order (which is reasonable) but I get always the same conversation, even 
> when dissecting an older packet than the last one. So saving the state of the communication is completely pointless if 
> the same conversation is used for dissecting random packets. Here is an example just in case you don't understand my 
> possibly weird English ;-) 
>
> I have a stream of 10 packets and something interesting was send in packet number 3. Now I want to save this 
> information in the conversations data in order to reuse it when dissecting future packets. But the dissector is called 
> randomly (which is ok) but always with the same conversation (which is absolutely not ok in this case). 
>
> I simply cannot rely on the saved information. So how am I supposed to use conversation tracking in a sane way (as far 
> as I can see I can't _track_ anything)??? 

Are you trying to keep track of where the current packet belongs in the whole conversation?  The exec dissector I 
previously mentioned (packet-exec.c) does this.  Look at the exec_hash_entry_t struct up toward the top.  A more 
advanced (overly complex) version of this is in the VNC dissector (packet-vnc.c).  In the VNC dissector, we use both 
per conversation data (such as conversation_add_proto_data) and per packet info (such as p_get_proto_data).

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe