> Date: Sun, 28 Jan 2007 14:57:58 +0800
> From: Jeff Morriss <[EMAIL PROTECTED]>
> Subject: Re: [Wireshark-dev] Dissector for Cisco ITP packet logging
>   facility
>
> Abhik Sarkar wrote:
> [...]
> > Now, since wireshark can already dissect syslog packets and mtp
> > packets, I thought of combining the two.
>
> Cool, I think that would be a useful addition to Wireshark. However I
> suspect that a separate dissector is not a good idea but your changes
> would have to be merged into the existing syslog dissector (which
> appears easy since that's where you started). Could you provide a
> (small) sample capture file to test with (you could send it to
> the list or to me privately if you prefer)?

Hi Jeff,

Thanks for the reply. I agree with you... however, since this is the first time I am playing around with wireshark code, I did not want to "pollute" the code of a stable dissector. However, since paklog isn't really a protocol in itself, it would be fine to extend the syslog dissector. I will send you a capture separately (as it might have potentially network sensitive information).

I have also been trying to find out a way to get the syslog dissector to tell all subsequent dissectors that the byte array was generated and not present in the actual capture and hence to mark their protocol tree items using the PROTO_ITEM_SET_GENERATED macro, but have so far been unsuccessful. Perhaps you have some ideas on this.

Best regards,
Abhik.

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
