Wireshark-dev: Re: [Wireshark-dev] Dissector - How to add a new row to display next message pay
Joe Leong wrote:
In the Developer’s Guide, 9.4.2 How to reassemble split TCP Packets
mentions “You also cannot assume that a TCP packet contains only
one application layer message and that the message header is at
the start of your TCP payload. More than one messages can be
transmitted in one TCP packet, so that a message can start at an
arbitrary position.”.
I have this situation and
Would there be an example that shows how to properly display the COL_INFO
for the second TCP payload message as a separate (next) row?
No. All the information goes on the one row. The rows are
frame-oriented, not PDU-oriented.
e.g. – Currently, my dissector performs the correct dissection on
both messages, but I’m having to display the information for both
messages on the same row within the “Info” column
So it looks like
No.  Time   Source    Destination  Protocol  Info
1    232.1  10.1.1.1  10.1.1.2     XXXX      DOG CAT
Yep, that looks correct, at least in the current framework. There has
been discussion to allow the current frame-oriented framework to somehow
allow it to also display per-PDU displays, but nothing has ever been
done about it.
Personally I like this idea from many years ago:
http://www.wireshark.org/lists/wireshark-dev/200606/msg00147.html
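
As an added illustration of the frame-oriented behaviour discussed in this thread (not code from either poster or from the Wireshark sources), the Lua dissector below walks every message in one TCP payload, gives each its own subtree, and appends each summary to the single Info cell of the frame's row. The "XXXX" wire format (2-byte big-endian body length followed by an ASCII body) and TCP port 9999 are assumptions made for the example.

```lua
-- Added example. Assumed wire format (hypothetical): each XXXX message is a
-- 2-byte big-endian body length followed by an ASCII body such as "DOG".
local xxxx   = Proto("xxxx", "XXXX Example Protocol")
local f_len  = ProtoField.uint16("xxxx.length", "Body Length", base.DEC)
local f_body = ProtoField.string("xxxx.body", "Body")
xxxx.fields  = { f_len, f_body }
local HDR_LEN = 2

function xxxx.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol:set("XXXX")
    pinfo.cols.info:clear()          -- clears only text after an existing fence
    local offset, count = 0, 0
    while offset < tvb:len() do
        local remaining = tvb:len() - offset
        -- Work out how many bytes this message needs, if the header is present.
        local need = HDR_LEN
        if remaining >= HDR_LEN then
            need = HDR_LEN + tvb(offset, HDR_LEN):uint()
        end
        if remaining < need then
            -- Message continues in a later segment: ask TCP to reassemble
            -- from this offset and call us again with the complete data.
            pinfo.desegment_offset = offset
            pinfo.desegment_len = (remaining < HDR_LEN)
                and DESEGMENT_ONE_MORE_SEGMENT or (need - remaining)
            break
        end
        local body_len = need - HDR_LEN
        local body = "<empty>"
        local sub = tree:add(xxxx, tvb(offset, need))   -- one subtree per PDU
        sub:add(f_len, tvb(offset, HDR_LEN))
        if body_len > 0 then
            body = tvb(offset + HDR_LEN, body_len):string()
            sub:add(f_body, tvb(offset + HDR_LEN, body_len))
        end
        -- All PDUs share the frame's one row, so append, never overwrite.
        if count > 0 then pinfo.cols.info:append(" ") end
        pinfo.cols.info:append(body)
        count = count + 1
        offset = offset + need
    end
    -- Fence the text so another call for this same frame adds to it
    -- instead of replacing it.
    pinfo.cols.info:fence()
end

-- Port 9999 is an assumption for this example.
DissectorTable.get("tcp.port"):add(9999, xxxx)
```

With two messages "DOG" and "CAT" in one segment, the packet list shows one row with `DOG CAT` in Info, while the details pane shows two separate XXXX subtrees.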