Wireshark mailing list archives
Re: Dissector development- Problem with Conversation
From: "Maynard, Chris" <Christopher.Maynard () GTECH COM>
Date: Tue, 8 Dec 2009 15:34:19 -0500
First, regarding your example: A= Master, B= Slave A -------> B ( Master to slave) B <------- A ( Slave to Master) ... in both cases you depict A -> B (Master to slave) communication. I think you meant: A= Master, B= Slave A -------> B ( Master to slave) A <------- B ( Slave to Master) Anyway, rather than using A, B, etc., I'd rather illustrate conversations with IP:PORT. For example, for a "normal" conversation, you have this: IP1:PORT1 -------> IP2:PORT2 (Master to Slave) IP1:PORT1 <------- IP2:PORT2 (Slave to Master) Given that, I'm not sure if the following will work for you or not, but Wireshark conversations allow you to do the following and still count this as a single conversation: IP1:PORT1 -------> IP_ANY:PORT_ANY IP1:PORT1 <------- IP_ANY:PORT_ANY In your example below, C is the common component of the "conversation" and is therefore represented above as the IP1:PORT1 pair. In other words, if any host sends a message to C, that must be the 1st half of the conversation (i.e., the request), and if C sends a message to any other host, that must be the 2nd half of the conversation (i.e., the reply). You will need to look into the options argument to conversation_new(), in particular NO_ADDR2 and NO_PORT2. Either/Both may help you here. Refer to doc/README.developer section 2.2.2 for more details. - Chris P.S. It should be noted that I do not have much practical experience with conversations myself, so the above advice should be taken with a grain of salt. From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Sumit Kalsait Sent: Tuesday, December 08, 2009 4:04 AM To: wireshark-dev () wireshark org Subject: [Wireshark-dev] Dissector development- Problem with Conversation Hello Everybody In last days I was developing wireshark dissector for our protocol. for that reason In my dissector i used the conversation methods. as described in README.developer. Normally it register conversation like below. A= Master, B= Slave A -------> B ( Master to slave) B <------- A ( Slave to Master) as 1 converation. as per wireshark standard. and I can associate next or consecutive packet (with A and B address) with this conversatin. In my case We have listener module for our protocol so it see above conversation and gives packets to my Engineering PC so that I capture in wireshark C= Listner D ------> C (same like. Master to slave) E <------ C (same like. Slave to Master) same conversation as described above(1 st conversation). Listner picks up same packets only changes address. (for example D----> c is nothing but A---->B [Master to slave] and E <----- C is B <------- A [Slave to Master]) And right now I want my dissector shold response in same way as above. So i can associate next or consecutive packets to this conversation (I dont want to have D-------> C and E <-------C as 2 different conversation) But How I can register listner module conversation ??? When I use my normal A-B and B to A it register as 1 conversation. but in case of listner i see my conversation registration is quite different. how could be this problem handled. Thanks in advance Many Thanks and Best Regards Sumit ------------------------------------------------------------------------ Sumit Kalsait PHOENIX CONTACT ELECTRONICS GmbH Business Unit Automation Systems Research & Development Department Dringenauer Straße 30 D-31812 Bad Pyrmont, Germany Web: http://www.automation.phoenixcontact.com ------------------------------------------------------------------------ <http://www.automation.phoenixcontact.com/> .................................................................. PHOENIX CONTACT ELECTRONICS GmbH Sitz der Gesellschaft / registered office of the company: 31812 Bad Pyrmont USt-Id-Nr.: DE811742156 Amtsgericht Hannover HRB 100528 / district court Hannover HRB 100528 Geschäftsführer / Executive Board: Klaus Eisert Roland Bent Dr. Martin Heubeck ___________________________________________________________________ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren, jegliche anderweitige Verwendung sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. ---------------------------------------------------------------------------------------------------- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure, distribution or other use of the material or parts thereof is strictly forbidden. ___________________________________________________________________ CONFIDENTIALITY NOTICE: The contents of this email are confidential and for the exclusive use of the intended recipient. If you receive this email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, forward, or otherwise disclose the content of the email.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Dissector development- Problem with Conversation Sumit Kalsait (Dec 08)
- Re: Dissector development- Problem with Conversation Maynard, Chris (Dec 08)