Zoran Bošnjak wrote: > Dear wireshark developers, > please advice how to dissect multiple pdus inside single udp payload. There > are some examples how to reassamble fragmented payload and disselection is > then seen on last frame (not sure??). But I couldn't find any example for > opposite problem, how to first split payload and then dissect each part > independantly as if it was captured alone. > > Could this be done inside dissector or prior to dissector? > > My protocol inside UDP payload is in the form: > [type(1byte)][len(2bytes)][data(variable)][type][len][data]...[type][len][data] > > After dissecting everything, I would like to have a separate line (in a main > window) for each pdu ([type][len][data]) so that I could use "Info" column > for each subitem and to filter (and display) only individual subitems. > > For now I am only able to dissect all PDUs inside the same tree (multiple > subtrees in dissect window), but display filtering does not work or is very > limited in this case.
Yes, Wireshark is built around the concept of a frame containing only a single PDU. With SCTP, too, (which frequently bundles upper layer PDUs together) we have the problem of many PDUs in a single frame which can make (display) filtering problematic. One idea for the packet list frame: http://www.wireshark.org/lists/wireshark-dev/200606/msg00147.html looks appealing to me but AFAIK isn't possible in the current GTK, uh, "thingy" (forget the term) that the Wireshark GUI uses. _______________________________________________ Wireshark-dev mailing list [email protected] https://wireshark.org/mailman/listinfo/wireshark-dev
