This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark Tapping plugin

0

Hey,

I am trying to write a tap plugin and I am being quite successful; however, I am facing a problem. In the tap I cannot access all fields of a protocol; in some cases the "abbrev" returns "Text Item" and the value is "Text".

Can anyone explain why?

Thanks in advance.

asked 22 Jul '13, 09:02


rogerpt
11113
accept rate: 0%


One Answer:

4

That's because some fields in the protocol aren't named fields; they're being added with proto_item_add_text(), so they just show up as "Text".

If you or somebody in your organization wrote the dissector, change it to use named fields rather than proto_item_add_text() for the fields in question.

If it's part of the standard Wireshark release, file a bug on it at the Wireshark bugzilla saying it should use named fields.

If it's somebody else's plugin, ask them to use named fields.

answered 22 Jul '13, 09:49


Guy Harris ♦♦
17.4k335196
accept rate: 19%
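The difference the answer describes, as an added example that is not part of the original thread or of Wireshark's own code: a dissector written against Wireshark's Lua API adds two named fields and one text-only item, and a tap then lists what it can see. The protocol name `demo`, its field names, the 4-byte layout and UDP port 9999 are all hypothetical.

```lua
-- Hypothetical protocol "demo" (constructed for illustration only).
local demo = Proto("demo", "Demo Protocol")

-- Named fields: each gets a filter name (abbrev) that a tap can match on.
local f_type = ProtoField.uint8("demo.type", "Type", base.DEC)
local f_len  = ProtoField.uint16("demo.length", "Length", base.DEC)
demo.fields = { f_type, f_len }

function demo.dissector(tvb, pinfo, tree)
    if tvb:len() < 4 then return 0 end      -- too short for the assumed layout
    pinfo.cols.protocol = "DEMO"
    local sub = tree:add(demo, tvb())

    -- Named: visible to taps as demo.type / demo.length with typed values.
    sub:add(f_type, tvb(0, 1))
    sub:add(f_len,  tvb(1, 2))

    -- Text-only: no ProtoField behind it, so a tap sees only a generic
    -- text item here, which is the symptom described in the question.
    sub:add(tvb(3, 1), "Flags: " .. tvb(3, 1):uint())
    return tvb:len()
end

DissectorTable.get("udp.port"):add(9999, demo)

-- Tap on every frame; the third argument (allfields) asks Wireshark to
-- build the full protocol tree so that all items are available to the tap.
local tap = Listener.new("frame", nil, true)

function tap.packet(pinfo, tvb)
    local in_demo = false
    for _, fi in ipairs({ all_field_infos() }) do
        local name = tostring(fi.name)
        if name == "demo" then in_demo = true end
        if in_demo then
            -- demo.type and demo.length print under their own names;
            -- the "Flags" item prints under the generic text-item name.
            print(pinfo.number, name, tostring(fi.display))
        end
    end
end
```

Replacing the text-only `sub:add(...)` call with a third `ProtoField` (for example a hypothetical `demo.flags`) makes that value show up in the tap under its own name as well.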