Ask Your Question

Revision history [back]

For C-based dissectors, track the requests and responses (usually via conversations which I don't know how to do in Lua), and then add fields to the tree to say how the current frame is tied to the other, e.g.

  • For the request, add a field indicating the response is in frame x with the field type set to FT_FRAMENUM, and the FRAME_NUM type set to T_FRAMENUM_RESPONSE
  • For the response, add a field indicating the request is in frame x with the field type set to FT_FRAMENUM, and the FRAME_NUM type set to T_FRAMENUM_REQUEST

Some details are in README.request_response_tracking.

For Lua, create the ProtoField with type ftypes.FRAMENUM and the value string one of frametype.REQUEST or frametype.RESPONSE, see here for more info on the Protofield options

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2