Re: Packet sample repository/library?

[Peter Wu <peter () lekensteyn nl>]

On Wed, Dec 21, 2016 at 03:51:51PM -0500, Jeff Morriss wrote:
> On Wed, Dec 21, 2016 at 5:28 AM, Peter Wu <peter () lekensteyn nl> wrote:
>
> > > 2) Won't be good idea to allow skip a sample from automatic testing
> > > (because it is for GUI demonstration)?
> >
> > You can invoke individual tests (which is most likely what you want when
> > you are testing changes to a single dissector). GUI versus tshark
> > single-pass and two-pass (-2) should produce the same results.
>
> Maybe this isn't quite what you meant but it *is* (semi-)normal that 1- and
> 2- pass results are different.  At least for generated fields (that require
> information from the first pass to calculate--e.g., links to frames that
> occur later in the capture).  [Or do those fields not show up in tshark's
> 2nd pass either?  My memory is fading...]

You are right, I was a bit imprecise. In the context of VoIP calls, when
the 1-pass recognizes a conversation, the same conversation *should*
also be found by the 2-pass. Indeed, dissectors can add extra
information in the 2-pass (like a "Response in frame X" link) and these
would show in the tshark -2 output as well.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe