Wireshark mailing list archives
PCAP-NG metadata support
From: "Carpenter, Brandon J" <brandon.carpenter () pnnl gov>
Date: Fri, 20 Jul 2012 10:15:54 -0700
Hi all, I've been working on a patch to overcome one of Wireshark's limitations with regard to PCAP-NG captures. The patch adds metadata (section, interface, packet options, etc) to the dissector window and allows one to filter packets based on the metadata. I'm not sure the method I'm using is the best and was hoping some of the developers who are more familiar with the internals of Wireshark could say yay or nay and recommend alternatives. Along with being able to view the metadata, the patch is also working toward a plugin approach for parsing new PCAP-NG block types and options. Ideally, I think it would be nice to allow writing custom block and option parsers in the dissectors that display them. Any ideas on how to best accomplish this? So, is there anyone who would be willing to look at this? If so, what is the best way to make the patch available? I'll post more details with the patch. Thanks, Brandon ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- PCAP-NG metadata support Carpenter, Brandon J (Jul 20)
- Re: PCAP-NG metadata support Martin Kaiser (Jul 20)
- Re: PCAP-NG metadata support Stephen Donnelly (Jul 23)
- Re: PCAP-NG metadata support Guy Harris (Jul 23)