Wireshark mailing list archives

Re: Dissector for stream data

From: Andriy Beregovenko <jet () jet kiev ua>
Date: Sun, 25 Dec 2011 11:50:31 +0200

Hi Andreas,

On Sun, Dec 25, 2011 at 06:35:42AM +0100, Andreas wrote:

Am 24.12.2011 14:16, schrieb Andriy Beregovenko:

If I open dump, select frame, and push 'END' I move to end of dump.
At this time all frames between first few frames and few last frames, not
decoded, so I can't correct decode last frame.
Question is: how I can walk through all frames that will be passed to
dissector if we look frames one-by-one?

Wireshark passes all packets in order to the dissector, when the
capture is loaded. After this the dissector will get the packets in
arbitrary order.

No. If you do not belive me - test :)
Wireshark not pass all packets to dissector while loading dump.
But, it pass first N packets to it, that needs to be displayed (after load).
And then it pass to dissector each packet, that will be displayed in packet
list part of window.
For example, we have dump with 100 packets inside. And wi have height of
display window about 10 packets(i mean w/o scroll). So when we loading dump,
will be passed 10 packets to dissector, from 1 to 10. Now, if we push
'End'-key on keyboard, then packet list window jump to display packets from
90 to 100. Also packets from 10 to 90 will not pass to dissector. so we got
next seq: 1-10,90-100.

The dissector can distinguish between both calls (see
PINFO_FD_VISITED macro) and build conversation information in the
first phase.

Andy

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


-- 
Best regards,
Andriy
0xBDDBDAE3

Attachment: signature.asc
Description: Digital signature

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Dissector for stream data Andriy Beregovenko (Dec 18)
- Re: Dissector for stream data Jaap Keuter (Dec 19)
  - Re: Dissector for stream data Andriy Beregovenko (Dec 19)
  - Re: Dissector for stream data Andriy Beregovenko (Dec 24)
    - Re: Dissector for stream data Andreas (Dec 24)
    - Re: Dissector for stream data Andriy Beregovenko (Dec 25)
    - Re: Dissector for stream data Guy Harris (Dec 25)
    - Re: Dissector for stream data Guy Harris (Dec 25)
    - Re: Dissector for stream data Andriy Beregovenko (Dec 25)