How can I create my own errors in a Wireshark dissector?

asked 2021-01-14 09:52:54 +0000

Robin26689

Hello together,

I'm working on my own dissector in C and I want to generate/create error messages like timeout or out of range or something like that. I would like to give the frames in which I find these created errors some colors depending on the error. Is there a common solution maybe? It would be enough if you can give me the number where I can find something in the README.dissector, because I'm still a beginner and want to learn more about developing my own dissector.

Thanks in advance

1 Answer

answered 2021-01-14 11:10:37 +0000

grahamb

updated 2021-02-03 14:46:31 +0000

The Wireshark support for this concept is called Expert Info:

The general idea behind the following "Expert Infos" is to have a better display of "uncommon" or "notable" network behaviour. This way, both novice and expert users will hopefully find probable network problems a lot faster, compared to scanning the packet list "manually".


Nice, thank you very much, will look it up right now!

Robin26689 ( 2021-01-14 11:12:27 +0000 )

Unfortunately not documented in the usual places that I could see. Commits to fix this are welcomed.

grahamb ( 2021-01-14 11:53:57 +0000 )

@grahamb if I click your link I'm just forwarded to GitLab. Did you mean I should look into the expert.h file? I haven't had time to look for the expert infos but now I want to. I am trying to add an expert info to proto_tree_add_checksum()... I don't know where to start or where to find information. I already use the function and it works fine but it would be nice to have some expert information too. Hope you can help.

Robin26689 ( 2021-02-03 14:24:22 +0000 )

@Robin26689, Oops, I think I meant to link to the Developers Guide. I've updated the link.

grahamb ( 2021-02-03 14:46:12 +0000 )

I did mean to link to the Wiki but for reasons unknown that page has not transferred from the old wiki to the new Gitlab one. For historical purposes a link to the old wiki page is here.

grahamb ( 2021-02-03 14:49:29 +0000 )
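
Added example, not part of the original thread or of the Wireshark sources: registering and raising two Expert Info items from a C dissector for the timeout and out-of-range cases asked about above. The protocol name foo, its field names, limits and helper functions are hypothetical; the epan part is guarded so it compiles only inside a Wireshark build, while foo_check() is plain C.

```c
/* Hypothetical "foo" protocol: level must be 0..100 and a response
 * must arrive within 500 ms. Limits are constructed for this example. */
enum foo_err { FOO_OK, FOO_OUT_OF_RANGE, FOO_TIMEOUT };

/* Pure check, free of epan types so it can be tested on its own. */
enum foo_err foo_check(unsigned level, unsigned resp_ms)
{
    if (level > 100)
        return FOO_OUT_OF_RANGE;
    return resp_ms > 500 ? FOO_TIMEOUT : FOO_OK;
}

#if defined(__has_include)
#if __has_include(<epan/expert.h>) /* only inside a Wireshark build */
#include <epan/packet.h>
#include <epan/expert.h>
static expert_field ei_foo_out_of_range = EI_INIT;
static expert_field ei_foo_timeout = EI_INIT;

/* Call from proto_register_foo() with the id from proto_register_protocol(). */
void foo_register_expert(int proto_foo)
{
    static ei_register_info ei[] = {
        { &ei_foo_out_of_range, { "foo.level.out_of_range", PI_PROTOCOL,
            PI_ERROR, "Level outside 0..100", EXPFILL }},
        { &ei_foo_timeout, { "foo.timeout", PI_SEQUENCE,
            PI_WARN, "Response later than 500 ms", EXPFILL }},
    };
    expert_module_t *em = expert_register_protocol(proto_foo);
    expert_register_field_array(em, ei, array_length(ei));
}

/* Call from dissect_foo(); item is the proto_item of the checked field. */
void foo_add_expert(packet_info *pinfo, proto_item *item,
                    unsigned level, unsigned resp_ms)
{
    switch (foo_check(level, resp_ms)) {
    case FOO_OUT_OF_RANGE:
        expert_add_info(pinfo, item, &ei_foo_out_of_range);
        break;
    case FOO_TIMEOUT:
        expert_add_info_format(pinfo, item, &ei_foo_timeout,
            "Response took %u ms (limit 500)", resp_ms);
        break;
    default:
        break;
    }
}
#endif
#endif
```

Expert fields are filterable by their registered names, so a coloring rule with the display filter foo.timeout colors the matching frames. proto_tree_add_checksum() accepts a pointer to an expert_field registered the same way as its bad-checksum argument.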
