Wireshark · Wireshark-dev: [Wireshark-dev] display filtering + how to analyze some TCP packets

Wireshark-dev: [Wireshark-dev] display filtering + how to analyze some TCP packets

Date: Tue, 25 Oct 2011 17:26:32 +0200

Hi,

1st question:
It took me some time but thanks to README.developer I think I
understand how display filtering works now. I was wondering if it was
possible to update an item's header field id after its creation. For
example:
proto_item* pi = proto_tree_add_text(subtree,tvb,offset,4,"Type: %u",type);
set_item_header_field(&hf_my_field_id);   /// for example. Does any
equivalent function exists


And my 2nd question would be:
There is some TCP traffic going on random ports concerning the
protocol I analyze. How can I assign this traffic to my dissector ? It
needs to analyze the first bytes to know if it matches my protocol.
I solved the problem for udp (it's a predefined port):
dissector_add_uint("udp.port", ENERGYWISE_UDP_DPORT, energywise_udp_handle);
but I dunno for tcp.

Once I've recognized the first packet, I read that I had to start a
conversation.

Regards
Matt

Nb: At first I wanted to dissociate both topics but I didn't want to
spam your inboxes.

Follow-Ups:
- Re: [Wireshark-dev] display filtering + how to analyze some TCP packets
  - From: Guy Harris

Prev by Date: Re: [Wireshark-dev] how to retrieve a guint32
Next by Date: Re: [Wireshark-dev] [Wireshark-commits] rev 39559: /trunk/epan/ /trunk/epan/: proto.c
Previous by thread: Re: [Wireshark-dev] [libdissectors_la-packet-dtls.lo] Error 1 on Mac OSX Lion
Next by thread: Re: [Wireshark-dev] display filtering + how to analyze some TCP packets
Index(es):
- Date
- Thread