Graham Bloice wrote:
> Search for conversations in the developers guide. This will allow you to
> track both sides of the conversation.
...and, when a request packet is seen, save information about it as data
attached to the conversation; when the reply is seen, check whether
information about the request is attached to the current frame and, if
not, check whether it's attached to the conversation and, if so, attach
it to the current frame.
Then:
if you have information about the request is attached to the current
frame, use that to dissect it;
otherwise, the request wasn't in the capture, and you can't correctly
interpret the reply.
This is the mechanism used by many other protocols, such as ONC RPC,
SMB, etc..
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
