Wireshark mailing list archives

Re: Dissecting packet details field by field


From: Guy Harris <guy () alum mit edu>
Date: Sat, 15 Jul 2017 11:37:16 -0700

On Jul 15, 2017, at 5:19 AM, David Schaeffer <david.schaeffer2 () gmail com> wrote:

On Jul 14, 2017, at 16:19 PM, Guy Harris <guy () alum mit edu> wrote:

So you'd right click on a particular field in the protocol details pane, get a menu with "Graph" as one of the 
items, and it'd pop up an I/O graph for that field?
There's currently no mechanism for that in Wireshark, but it might be a useful *general* addition to Wireshark.

I actually implemented this already in my local copy of the code base. It has options for opening the default graph 
and graphing the selected bit code.

So you've added a general "Graph" menu item for the context menu (another name for "right-click menu" that doesn't 
assume the existence of more than one mouse/trackpad button - the trackpad on my laptop *is* the one-and-only button) 
for packet detail pane items?

If so, you might want to contribute that as a separate patch, minus any code that deals specifically with bit codes.

(minus the part wher

That looks a bit incomp

*That* would require adding the ability to register a per-field callback, with the default being one that causes a 
"standard" I/O graph to be popped up, and with your dissector specifying a callback grabbing the IP address and the 
value of the bit code.  That might call the "draw an I/O graph" code with another callback specified; that callback 
would indicate whether to use the packet or not.

I was speaking to someone else that we may have to involve the specific dissector. We are hoping to keep it 
generalized enough to use it for any protocol though. The common theme seems to be involving the dissector so I think 
I'll just start with ours and see if I can't expand it to the rest.

The appropriate filter would probably differ from protocol to protocol, so, yes, there should be a mechanism allowing a 
dissector to register a routine to provide the initial filter for the graph.  Somebody might, for a particular protocol 
that *doesn't* run over IP, want a "limit this to a particular conversation" item, for example.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev