On Jun 19, 2009, at 9:25 AM, Jeff Morriss wrote: > Well, I don't know if it's the same for all protocols, but it's > usually > set to one of these defines: > > epan/packet_info.h:#define P2P_DIR_UNKNOWN -1
...which means "there's not enough information in the file to determine the direction". > epan/packet_info.h:#define P2P_DIR_SENT 0 > epan/packet_info.h:#define P2P_DIR_RECV 1 > epan/packet_info.h:#define P2P_DIR_UL 0 > epan/packet_info.h:#define P2P_DIR_DL 1 > > It's useful in protocols when you know you're the sender or the > receiver > (and that makes a difference when dissecting). Although, in some places, it just matters whether the traffic is going "to the left" or "to the right"; if, for example, the capture comes from a passive tap, you're *a* receiver for all of it, but you still might be able to tell the difference between the two directions. For some protocols, where you have a network endpoint communicating with a network (ISDN, for example), "sent" should probably mean "user to network" and "received" should probably mean "network to user". ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
