Ask Your Question
0

"global" tcp stream variables for a dissector.

asked 2018-02-07 21:18:01 +0000

Hi all,

I am kinda new to the development of wireshark dissectors and could not really find a good answer on this. I designed two dissectors, with one i have the following problem:

I have a lot of tcp packets, and one of the packets that are send are keep alive packets with information about what kind of system it is. Now do i need to save this information for the dissector because with this information i can make the right decisions in the parsing part.

SO what i basicly need to do is create a table and link information to an ip and depending on that information my dissector should make different decissions when the packet belongs to that ip (system), because one system has different opcodes than another system.

Can anybody point me in the right direction? Do i need a tap or anything?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-02-08 09:02:44 +0000

Jaap gravatar image

I would suggest you look into the concept of conversations, see doc/README.dissector. section 2 Advnced dissector topics. This is the way to record and retrieve meta data about the relationship between two (or more) endpoints.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-02-07 21:18:01 +0000

Seen: 363 times

Last updated: Feb 08 '18