Hi, I hope this is the right place to ask my question... I wish to be able to receive a single UDP packet that contains several packets of my protocol and show each of those internal packet in the main GUI table as a standalone packet. I know that Wireshark does not support this. So i thought to resend it internally over socket in the machine after dissection so that the parsed packets are resent and captured by Wireshark and thus achieve my goal, but that does not work on Windows due to loopback limitations in that OS and I do need the application to be cross-platform. That leaves me with the option to modify Wireshark code. I have been told this is a significant amount of work but I wonder if anyone knows about previous such attempts or can point me at how this may be implemented. Many Thanks asked 22 Apr '13, 01:55  amirix |
One Answer:
I found a way to do it that seems clean enough and will hopefully sustain the throughput needed and be easily ported to other OS: I altered the dumpcap code in a way that the fragmentation is made there, the original IP/UDP header is appended with needed changes and then forwarded to WS. I'll post this also in the development thread I opened. answered 05 May '13, 11:47 amirix |
