This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Making a dissector that filters packets

0

Hi! What I wonder is, how can you make so that your dissector compares the next packet to the previous one? I want to make so that if the next packet has the same data as the previous one, it wont be displayed. I dont want to show a large amount of packtes in a row that are identical, I only want to show packets where some change has been made to the data.

Anyone knows?

Cheers / Martino

asked 09 Apr '12, 01:09

Martino's gravatar image

Martino
1222
accept rate: 0%


One Answer:

1

You can't make a dissector decide whether a frame will be displayed or not, that is only possible through display filters. But you can make them work together.

For example, if you create a field in your dissector that is only present if the packet is different from the previous packet in the same conversation, then you can filter in that field with a display filter.

For this to work, you need to work with "conversations" and "per-packet" data. See paragraph 2.2.1 and 2.5 in "doc/README.developer"

answered 09 Apr '12, 02:02

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%