Wireshark mailing list archives
Re: Packet direction detection from dissector level
From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Fri, 12 Feb 2010 07:49:11 +0100
Hi,

There are a few ways to tackle this. First is based on a known port number. Say the server port has a fixed value of 4444, you can check the pinfo to see if the source port is 4444. If so, it's a server packet. If its destination port is 4444, it is a client packet. If neither, it's not your protocol.

If there's no fixed port, you can use a conversation. This allows you to track data through time, see README.developer for more info.

Tabs vs. spaces. Preferred are spaces. Next are opening tabs, so only at the start of the line. But first and foremost a consistent style is important.

Thanks,
Jaap

Sent from my iPhone

On 12 feb 2010, at 02:31, Daniel Kozar <los.danielos () gmail com> wrote:
Hello,

I'm attempting to write a dissector of a protocol used by a Polish IM system called Gadu-Gadu. It's my first "larger" C project, so please don't expect results very soon, but I'll surely try to do my best.

So far, having read the dissector developer documentation (README.developer) and the more general Developer's Guide, I've started writing and instantly stumbled upon a problem. The problem is - is there any way to know if the packet is being sent by the client or the server? I've encountered it because every packet in this protocol has a "type" field in its header, but some values repeat themselves and mean something else when sent by a server and something else when sent by a client. I'd be thankful for providing any solutions on how to solve this.

Another question - is the indentation/tab-width/"tabs as spaces" coding style strictly enforced? Or is it okay to use your own (without, obviously, being crazy), preferably with comments from this -> http://www.wireshark.org/tools/modelines.html <- included?

Thank you very much in advance,
D.K.

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
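The port check from the reply above, combined with the direction-dependent "type" lookup from the question, as an added example that is not part of the original thread or of Wireshark's code. It assumes a stand-in `mini_pinfo` struct carrying only the `srcport` and `destport` fields that Wireshark's `packet_info` provides; the port 4444 is the reply's "say 4444" value, and the type values and names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define GG_SERVER_PORT 4444u /* the reply's example value, not a real assignment */

typedef enum { DIR_UNKNOWN, DIR_FROM_SERVER, DIR_FROM_CLIENT } gg_dir_t;

/* Stand-in (assumption) for the two packet_info fields the check needs. */
typedef struct { uint32_t srcport, destport; } mini_pinfo;

/* Source port match = server packet, destination port match = client packet,
 * neither = not this protocol, so the dissector should reject the packet. */
gg_dir_t gg_direction(const mini_pinfo *pinfo)
{
    if (pinfo->srcport == GG_SERVER_PORT)  return DIR_FROM_SERVER;
    if (pinfo->destport == GG_SERVER_PORT) return DIR_FROM_CLIENT;
    return DIR_UNKNOWN;
}

/* Constructed type values: the same number names a different message
 * depending on which side sent it. */
typedef struct { uint32_t type; const char *name; } type_name;
static const type_name server_types[] = { {0x01, "SRV_HELLO"}, {0x02, "SRV_STATUS"} };
static const type_name client_types[] = { {0x01, "CLI_LOGIN"}, {0x02, "CLI_SEND"} };

static const char *lookup(const type_name *t, size_t n, uint32_t type)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].type == type) return t[i].name;
    return "Unknown"; /* value not defined for this direction */
}

/* Resolve the header's type field per direction; NULL means "not our protocol". */
const char *gg_type_name(const mini_pinfo *pinfo, uint32_t type)
{
    switch (gg_direction(pinfo)) {
    case DIR_FROM_SERVER:
        return lookup(server_types, sizeof server_types / sizeof *server_types, type);
    case DIR_FROM_CLIENT:
        return lookup(client_types, sizeof client_types / sizeof *client_types, type);
    default:
        return NULL;
    }
}
```

In a real dissector the two tables would be `value_string` arrays and the `NULL` case would be the point where the dissector declines the packet.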