2023-07-15 11:55:54 +0000 | received badge | ● Famous Question (source) |
2022-05-09 21:36:18 +0000 | received badge | ● Notable Question (source) |
2021-08-30 06:21:30 +0000 | received badge | ● Popular Question (source) |
2020-10-12 11:10:08 +0000 | marked best answer | How can I use conversations in custom dissectors I have a custom dissector written in C that dissects a simple client-server protocol. The protocol, though, has one quirk: if an operation is successful it sets the ACK flag; if not, the ACK bit is not set. However, if the bit is not set, it looks exactly like a packet a client might send to a server. My idea was to use conversations to track if a packet is a response to a query. From reading the README.dissector documentation I came up with the following: ```C ``` This seems to work when I run it in Tshark, but in Wireshark, as soon as I enter a filter, it fails and misinterprets the packets. I suspect that this code only works on the first dissection run and then has some 'leftover' state. But I don't understand the conversation feature enough to tell what I am missing here. Can anybody help me out here? |
2020-10-12 11:10:08 +0000 | received badge | ● Scholar (source) |
2020-10-12 11:09:55 +0000 | commented answer | How can I use conversations in custom dissectors Thanks for the hints. I solved it by copying the way the gryphon plugin handles it: Using PINFO_FD_VISITED and then mark |
2020-10-09 12:47:48 +0000 | commented answer | How can I use conversations in custom dissectors I understand. How can I then use previous state of the connection properly? Do I have at least the guarantee that all pa |
2020-10-09 11:58:12 +0000 | asked a question | How can I use conversations in custom dissectors I have a custom dissector written in C that dissects a simple client-se |