On Aug 27, 2009, at 3:59 PM, Saad Nader wrote:

> I’m dissecting a protocol that doesn’t have a good message  
> structure.  This protocol is a TCP-based protocol.  There is no  
> packet header that tells me what type of message I have. I’ve been  
> using a conversation and state data to keep track but that also has  
> issues when viewing previous packets.  Any packet previous to the  
> current packet will not have correct state.  I’ve been trying to  
> look for a way to use the TCP sequence number to aid myself.  Is  
> there any easy way to get this from packet_info?


What I usually do in this sort of case is to use conversations as you  
are, but also store some sort of identifier in the packet data itself  
after figuring out where you are from the conversation data.  This  
corrects the problem when viewing previous packets because the  
dissector can simply look up the state in the packet's data.  The  
per-packet data is handled using p_get_proto_data() and p_set_proto_data().

Steve

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
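
An added example, not part of the original thread and not Wireshark code: a self-contained C model of the approach in the reply above, next to the conversation-only approach from the question. `conv_state` stands in for conversation data and `frame_store` for the per-packet data a real dissector would write and read with p_set_proto_data() and p_get_proto_data(); every type, function and message name below is hypothetical.

```c
#include <stdio.h>
/* Hypothetical message types for a header-less protocol: a segment's type
 * is known only from what preceded it on the same connection. */
enum msg_type { MSG_UNKNOWN, MSG_HELLO, MSG_AUTH, MSG_DATA };
#define MAX_FRAMES 64

/* Stand-in for conversation data: one running state per TCP connection. */
struct conv_state { enum msg_type next; };

/* Stand-in for per-packet data, keyed by frame number (the role played by
 * p_set_proto_data()/p_get_proto_data() in a real dissector). */
struct frame_store {
    unsigned char seen[MAX_FRAMES];
    enum msg_type type[MAX_FRAMES];
};

/* Consume one message from the running state: HELLO, AUTH, then DATA. */
static enum msg_type advance(struct conv_state *c)
{
    enum msg_type cur = c->next;
    c->next = (cur == MSG_HELLO) ? MSG_AUTH : MSG_DATA;
    return cur;
}

/* Conversation state only: wrong once an earlier frame is dissected again. */
static enum msg_type dissect_naive(struct conv_state *c) { return advance(c); }

/* Conversation state plus per-frame snapshot: the running state advances
 * only the first time a frame is seen; later visits read the stored type. */
static enum msg_type dissect_frame(struct conv_state *c,
                                   struct frame_store *s, unsigned frame)
{
    if (frame >= MAX_FRAMES) return MSG_UNKNOWN;
    if (!s->seen[frame]) {
        s->type[frame] = advance(c);
        s->seen[frame] = 1;
    }
    return s->type[frame];
}

int main(void)
{
    struct conv_state c = { MSG_HELLO }, n = { MSG_HELLO };
    struct frame_store s = { {0}, {MSG_UNKNOWN} };
    unsigned order[] = { 1, 2, 3, 1 };  /* constructed; last is a revisit */
    for (int i = 0; i < 4; i++)
        printf("frame %u: naive=%d stored=%d\n", order[i],
               (int)dissect_naive(&n), (int)dissect_frame(&c, &s, order[i]));
    return 0;
}
```

In the constructed run, the revisit of frame 1 is labelled DATA by the conversation-only version and HELLO by the version that keeps a per-frame snapshot.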
