Wireshark mailing list archives
how to get the dissected data for the tap listener
From: "Zhao, Liang (US SSA)" <Liang.Zhao () baesystems com>
Date: Wed, 27 Oct 2010 10:13:23 -0700
Hi, I'm trying to plot a data signal (for example, a custom defined message ID in the data payload) using something similar to "IO Graphs". I used the Generic Dissector plug-in created by Olivier Aveline and I can successfully dissect the data payload. So I should have the such data available somewhere. But I need your help to tell me where I can get it.
From my understanding, the tap_push_tapped_queue (in tap.c) will be called "after a packet has been fully dissected to push the tapped data to all extensions that has callbacks registered." Then the gtk_iostat_packet (in io_stat.c) is called with edt and pinfo holding the dissected package. However when I look though them, I can only get the protocol level data but nothing further. I have the eth, ip, tcp, myprotocol. When I reach the myprotocol, node->first and node->next are NULL, so I cannot get the field level data. Can someone help me with this? I would like to get the detail data just like proto_tree_write_node_pdml when I export packages to PDML.
Regards, Liang
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- how to get the dissected data for the tap listener Zhao, Liang (US SSA) (Oct 27)
- <Possible follow-ups>
- how to get the dissected data for the tap listener Zhao, Liang (US SSA) (Oct 28)