All-
I have developed many dissectors, but have not run up against this problem before. I am looking for a solution that will work inside a plugin dissector. The issue is that I have some secure traffic that I cannot decode until I learn some state that is only periodically advertised. This means that during the first pass through the packets that I will fail to decode many packets, but that by the end of the first pass I will have (likely) learned enough to decode the previous packets. I believe (and will shortly test) that any secondary decodes (as clicking on the undecoded packet) will magically cause the column info to update and the packet to display decoded (assuming that my learned state is associated with my conversation, which it is). My question is whether it is possible to indicate to Wireshark that certain packets (or, worst case, all packets) should be rechecked. If it is only the "all packets" case I would likely not do anything (as I deal with large capture files). If selected packets could be redone then that might be interesting, as I know which packets are "mine" and if I learn later that I can decode them then I would know the frame numbers to re-parse. Thoughts? Thanks. -Bryant Panasonic Electric Works Laboratory of America - SLC Lab 4525 So. Wasatch Blvd., Suite 100, 84124 Salt Lake City, UT 84124 T 801.993.7124 F 801.993.7260 [email protected] Bryant Eastham Chief Architect ***CONFIDENTIALITY NOTICE***: This e-mail and any attachments may contain information which is confidential, proprietary, trade secret, privileged or otherwise protected by law. The information is the property of Panasonic Electric Works Laboratory of America, Inc., and is solely intended for the named addressee (or a person responsible or delivering it to the addressee). If you are not the intended recipient of this message, you are not authorized to read, print, retain copy or disseminate this message or any part of it. If you have received this e-mail in error, please notify the sender and the Office of General Counsel at [email protected] <mailto:[email protected]> immediately by return e-mail and delete it from your computer.
<<image001.gif>>
<<image003.gif>>
<<image004.png>>
<<image005.png>>
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
