Ask Your Question
0

Linking packets in a dissector

asked 2019-05-16 15:10:19 +0000

dottedmag gravatar image

updated 2019-05-16 15:22:02 +0000

I am writing a dissector for ZWave serial port protocol, and I would like to link request/response packets somehow in UI.

The protocol does not have request/response IDs, but it says that responses to requests come in the same order they were sent, so it ought to be possible to match them. It also provides for "callback ID"s on requests that expect asynchronous responses in addition to synchronous acknowledgments, so some asynchronous responses can be matched to earlier requests, though these IDs can be reused.

I have read developer's guide about dissectors, but haven't found a way to say "this packet is a part of this request/response/multi-packet sequence". Is that possible? Have I missed some piece of documentation?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-05-16 16:04:52 +0000

grahamb gravatar image

Not (currently) in the Developers Guide, but among the many useful files in the doc subdirectory of the source, you will find README.request_response_tracking that should help you out.

edit flag offensive delete link more

Comments

I see that tracking requests/responses is based on addresses/ports. Should I do the manual tracking if I need things like "This is a response to a previous request of <this> form in outbound direction"?

dottedmag gravatar imagedottedmag ( 2019-05-16 18:37:52 +0000 )edit

That comment refers to conversations in general. In the example shown, the linking item between the packets in the conversation is the seq_num which is used as the key in the hash table.

grahamb gravatar imagegrahamb ( 2019-05-16 19:40:37 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-05-16 15:10:19 +0000

Seen: 652 times

Last updated: May 16 '19

Related questions

how to invert two bytes in lua script dissector ?

How do I get and display packet data information at a specific byte from the first byte?

why protocol is not showing as HTTP even though we sent http request ?

Adjusting Bit order and Endianess in LUA between Dissectors

How do I add "child item" to an item in the subtree?

PRP Dissector and FCS

Use a UDP payload dissector depending on ip addresses

Reuse (part of) a Wireshark Dissector

Heuristic dissector not called

How do I dissect multiple packets?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2