I would like to add the following nodes to the tree structure in Wireshark in my dissectors code:

  • Node1
  • Node2
    • Node3
    • Node4
      • Node5
  • Node6

I know this would be accomplished through the dissect proto function, but I cannot figure out how to add nodes and set the text arbitrarily (totally independent of the data getting handed into my dissector).

I realize this is not quite how this is supposed to be used, but due to the nature of what I am doing, the actual conversion function (raw data to XML) is already done inside a DLL file. It works, we use it for other things, and I don't really want to attempt to incorporate that mess into my dissector. I wrote a C XML parser already since the DLL outputs an XML c string, so all i want to do at this point is take that XML file (which is inherently a tree structure already) and display it in wireshark.

If you could provide a small example to add the tree structure I gave above that would be amazing.

Thank you for your time, Brandon

asked 25 Jul '11, 05:45

officialhopsof's gravatar image

officialhopsof
318812
accept rate: 100%

edited 25 Jul '11, 05:48


The function proto_tree_add_text is what you are looking for. You could probably do what you need something like this:

//create a tvb over your xml string data
tvbuff_t *xmltvb = tvb_new_real_data(xml_data_as_string, number_xml_characters, number_xml_characters);
...
//add a text item to your tree
xml_tree_item = proto_tree_add_text(parent_tree_node, xmltvb, start_index, length, "%*s", length, xml_data_as_string);

You may even be able to skip creating a new tvbuff_t if your data is already present in the tvb you are dissecting.

link

answered 25 Jul '11, 06:40

multipleinterfaces's gravatar image

multipleinte...
1.2k91534
accept rate: 12%

multipleinterfaces: that is exactly what I needed, thanks!

(25 Jul '11, 08:06) officialhopsof

You add a subtree by using proto_item_add_subtree() that gets you a new tree that you can then add items to in a similar way to the tree originally handed in to your dissector.

See README.developer in the doc directory of the source.

link

answered 25 Jul '11, 06:28

grahamb's gravatar image

grahamb ♦
8.7k224125
accept rate: 17%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×18
×15
×13
×4

Asked: 25 Jul '11, 05:45

Seen: 1,749 times

Last updated: 26 Jul '11, 01:24

powered by OSQA