Wireshark mailing list archives

Re: Export PDU:s


From: Pascal Quantin <pascal.quantin () gmail com>
Date: Fri, 10 May 2013 15:20:39 +0200

2013/5/5 Anders Broman <a.broman () bredband net>

Hi,
I have added a basic implementation making it possible to export higher
level PDU:s to file using a USER_DLT.
The basic implementation makes it possible to export SIP traffic to a new
file adding some meta data before the actual SIP message. The idea is that
it should be possible to export the reassembled PDU:s (and mix several
protocols) removing the underlying transport protocol but retaining some
interesting data such as IP addresses and ports.

The implementation is bare bones to get the demo to work. It would be nice
to get some feedback on useful tags to add, helper functions to load tags
and if someone is willing to work on the GUI part that'd be nice too.

Would it be feasible/useful to apply for a link-layer type from tcpdump?

Any comments welcome.
Regards
Anders


Hi Anders,

It looks interesting. I started playing a bit with it and fixed a few bugs
in r49232. Moreover I added the tags content to a subtree. Feel free to
revert it if you do not like the output.
I would find it great to have a link layer type allocated. This way the
feature could work out of the box without any configuration.
Any idea on how to handle the export of several protocols? Should we allow
the user to select them in the GUI or should we export all the protocols
registering the tap and let the user select afterwards which ones to keep
with filters?
By the way, I noticed that if a dissector and sub dissector both support
the export functionality, the sub dissector message is dumped twice (once
per protocol). Not sure whether this should be considered as a feature or a
bug.

Regards,
Pascal.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>