Re: Dealing with aggregated packets

[Guy Harris <guy () alum mit edu>]

On Jul 2, 2018, at 10:34 PM, Mike Morrin <morrinmike () gmail com> wrote:

> I also played with this concept a few years ago when working with a proprietary aggregation protocol.  I am not sure 
> if I still have my prototype code.  I seem to remember that features such as filtering were easily broken and 
> difficult to fix.
>
> One idea I had was to NOT give the aggregated packets real packet numbers (in the traditional sense), but give them 
> sub-packet numbers which are displayed as x.y where x is the aggregation packet where the aggregated packet finishes 
> and y is the aggregated sub-packet number.  Note that his scheme should be extensible for sub-packets within 
> sub-packets (x.y.z etc).  

Is there any need to give them packet numbers at all?  The top-level tree items can have frame numbers, but the tree 
items underneath that need not have one.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe