> I need summary graphs for the network data analysis at work.
What sort of summary graphs are you thinking of doing? Summaries as in
"28% of the traffic is HTTP, 17% is FTP, 42% is SMB, ..."?
> Is anyone already working on this?
Not that I know of; people have talked about it, but I don't know of
anybody working on it.
> From my basic glance through the code, it /appears/ that the
> protocol tree just contains strings. Is this actually the case?
No. Each node in the protocol tree contains a pointer to a "field_info"
structure, which contains, among other things:

    1) a pointer to a "header_field_info" structure, which contains,
       among other things, a field type;

    2) a union, "value", which contains a value appropriate for that
       field type.

Many entries in the protocol tree are "anonymous" entries, containing
just a string; however, if a protocol has registered a particular field,
it can put in an entry corresponding to that field, which could have,
say, a numeric value.
> Where in the code should I look for details?
"proto.c" and "proto.h", for starters.
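
A simplified model of the layout described in the reply above, added here as an illustration; it is not part of the original message and not the project's own definitions. Only the names field_info, header_field_info and value come from the message; the node struct, the type enum, the "demo.len" field and the sample tree are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; everything except the names field_info,
   header_field_info and value is hypothetical. */
enum model_type { MODEL_TEXT, MODEL_UINT };
struct header_field_info { const char *abbrev; enum model_type type; };
struct field_info {
    const struct header_field_info *hfinfo;   /* says how to read value */
    union { uint32_t numeric; const char *text; } value;
};
struct node { const struct field_info *fi; const struct node *first_child, *next; };

/* Sum every registered numeric field called abbrev. The type is checked
   before the union is read, so text entries are never misread as numbers. */
static uint64_t sum_field(const struct node *n, const char *abbrev, unsigned *hits)
{
    uint64_t total = 0;
    for (; n != NULL; n = n->next) {
        const struct header_field_info *hf = n->fi->hfinfo;
        if (hf->type == MODEL_UINT && strcmp(hf->abbrev, abbrev) == 0) {
            total += n->fi->value.numeric;
            (*hits)++;
        }
        total += sum_field(n->first_child, abbrev, hits);
    }
    return total;
}

/* Constructed sample tree: text root, one numeric field, then an anonymous
   text entry with a second numeric field nested under it. */
static const struct header_field_info hf_text = { "text", MODEL_TEXT };
static const struct header_field_info hf_len = { "demo.len", MODEL_UINT };
static const struct field_info fi_root = { &hf_text, { .text = "Frame 1" } };
static const struct field_info fi_len1 = { &hf_len, { .numeric = 1500 } };
static const struct field_info fi_anon = { &hf_text, { .text = "Options" } };
static const struct field_info fi_len2 = { &hf_len, { .numeric = 40 } };
static const struct node n_len2 = { &fi_len2, NULL, NULL };
static const struct node n_anon = { &fi_anon, &n_len2, NULL };
static const struct node n_len1 = { &fi_len1, NULL, &n_anon };
static const struct node sample_root = { &fi_root, &n_len1, NULL };

int main(void)
{
    unsigned hits = 0;
    uint64_t total = sum_field(&sample_root, "demo.len", &hits);
    printf("demo.len: %u fields, total %llu\n", hits, (unsigned long long)total);
    return 0;
}
```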