Re: jump to a packet flag

[Guy Harris <guy () alum mit edu>]

On Jul 1, 2004, at 12:18 PM, alex medvedev wrote:

> this, however, does not work well with relative seq numbers in tcp
> packets [maybe smth else too?].

Anything that maintains and uses state information between packets 
wouldn't work.

However, what could be done would be something that still runs the 
dissection code on the packet but that suppresses printing; currently, 
that's not easy to do, as the dissectors just call "printf()", but if, 
as is being considered, we construct a data structure in the dissector 
and then print information from that data structure (either in a 
human-readable form or in some XML or otherwise standardized form to be 
passed to other programs or scripts), we might just be able to omit the 
last step.

That's more expensive than just ignoring the first N-1 packets with "-j 
N, but stuff requiring state continues to work.

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.