(Redirecting to the developer list, as per Jeff Morriss's suggestion; it's the right place for questions about the Wireshark code base. CCing wireshark-users in case you're not subscribed to wireshark-dev - if you're not, you should subscribe.)
On Jul 14, 2017, at 5:38 AM, David Schaeffer <david.schaeffer2@xxxxxxxxx> wrote:
>> On Wed, Jul 12, 2017 at 1:42 PM, David Schaeffer <david.schaeffer2@xxxxxxxxx wrote:
>>
>>> I'm currently working on pulling specific data from a packet once they've
>>> clicked on some packet detail. For example, if the user clicks on a bit
>>> code in the packet body, I want to also pull the source IP address of that
>>> packet. Is there a way to search the packet body by field name or pulling
>>> the packet details into an object of some sort to parse this information?
>>> Thanks for any assistance you can offer in this matter.
>>
>> Can you give a bit more context? I assume that this is the context of
>> writing a protocol dissector? What are you planning to do with, for
>> example, the IP address?
>
> Sure. So the goal of this is to allow us to graph bit codes from a packet that has already be dissected by a custom packet dissector. We're making it so a user can right-click on the bit code they would like to graph, select graph, and it'll bring up the IOGraph with that data, 0 or 1.
So you'd right click on a particular field in the protocol details pane, get a menu with "Graph" as one of the items, and it'd pop up an I/O graph for that field?
There's currently no mechanism for that in Wireshark, but it might be a useful *general* addition to Wireshark.
> The problem is we have multiple PLCs sending the same bit codes so just grabbing a filter for solely the bit code doesn't work, as it pulls from every PLC.
> I need to grab the IP address with it to track the specific bit code from that specific PLC.
*That* would require adding the ability to register a per-field callback, with the default being one that causes a "standard" I/O graph to be popped up, and with your dissector specifying a callback grabbing the IP address and the value of the bit code. That might call the "draw an I/O graph" code with another callback specified; that callback would indicate whether to use the packet or not.