Hi everybody,
For research purposes, I am looking to get the amount of bytes used for each protocol. Unfortunately, the protocol hierarchy all use a cumulative calculation method (size 802.15.4 = size 802.15.4 header + size 6LoWPAN header + ...).
What I want:
- Frame: 86 bytes
- Protocol A: 23 bytes
- Protocol B: 7 bytes
- Protocol C: 12 bytes
- Payload: 44 bytes
What wireshark does now:
- Frame: 86 bytes
- Protocol A: 86 bytes
- Protocol B: 63 bytes
- Protocol C: 56 bytes
- Payload: 44 bytes
I was wondering I could get this information about bytes per header in a way so I can calculate the total amount of bytes per type of header for a whole pcap file. The information I need seems to be already available per packet on the gui; when you click a header in the tree, the amount of bytes of that header is available in the status bar and the frame bytes window highlights the correct amount of bytes. (screenshot: https://pasteboard.co/Hr2VBLSU.png)
I've thought about writing wrapper dissectors in lua for the protocols I use, but I got stuck there trying to tie in the dissectors and retreiving the correct information.
Extra follow-up question:
The packages I examine are 6LoWPAN packets. I would also like to get the amount of bytes actually transmitted. not decompressed. However, the tree headers only give the decompressed amount of bytes. Is this possibile?
With kind regards,
Martijn
