Wireshark-dev: Re: [Wireshark-dev] is it possible to replace Source Destination columns with my
I think so. You need to look at epan/address.h. If your source and destination address type is already covered by one of the types defined in there, then you just be able to call the SET_ADDRESS macro in pinfo->src and pinfo->dst from your dissector. If the type is not covered, then you need to do what is written in
address.h to add a new type and then call SET_ADDRESS from your dissector.
I haven't ever tried this myself, so can't guarantee that it will work... but looking at some of the other dissectors, I think this is the way to do it.
Hope this helps
Abhik.
On Nov 6, 2007 7:58 PM, Daniel Roman <
danielson80@xxxxxxxxx> wrote:
Hello:
I'm writing a dissector for a protocol which lies under the IP
protocol. Therefore the protocol stack looks like,
Ethernet->IP->myProtocol.
The protocol I'm trying to dissect has it's own Source and Destination
values different thant the ones the IP header provides. I would like
to ignore the Source and Destination that the IP protocol provides to
wireshark, so that when I run the Flow Graph option under the
statistics menu I could observe my protocols source and destination
values instead of the IP protocol's source/dest.
I was succesfull on writing to the Info column, but I haven't found a
way to write to the Source and Destination column.
Ideally I would like to ignore the IP dissector stuff and let my
dissector populate the appropiate columns with its own Source and
Destination values, etc.
Is this possible?
Thank you,
Dan
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
