Re: Undissected packet bytes

[Alexis La Goutte <alexis.lagoutte () gmail com>]

There is some dissector (like ICMPv6, IEEE 802.11 or CAPWAP...)

where there is already expert info about undecoded code...

On Tue, Feb 3, 2015 at 6:15 PM, Evan Huus <eapache () gmail com> wrote:

> As far as I know this is not currently available, but it would
> probably be fairly useful and easy. You just need to iterate the proto
> tree and keep track of which byte ranges are claimed/unclaimed.
> proto_find_field_from_offset does something related to this (it is
> used for matching bytes to fields in the UI) so it's probably a good
> place to start.
>
> On Tue, Feb 3, 2015 at 12:08 PM, Dario Lombardo
> <dario.lombardo.ml () gmail com> wrote:
> > Hi list
> > I was wondering if there is a comfortable way to find out undissected
> bytes
> > in packets. This would be useful to find incomplete dissectors.
> > Any hint?
> > Thanks!
> > Dario.
> ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> > Archives:    http://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe