Hi,

When your dissector sees packet A for the first time it should create a
conversation with private data carrying req_tunnel_id, req_idx and later add
the reply_tunnel_id when dissecting packet B.
That would allow you to add a req_id to all related packets, offering a field
to filter on.

For conversations see doc/README.developer in the source tree.

Thanks,
Jaap

On 06/05/2010 06:55 PM, Rohit Mediratta wrote:
> The relation between packets is as follows.
>
> 1. Packet A is a request to setup a session. This packet has a unique
> "request tunnel Identifier" and a "requestIndex".
> 2. Packet B is a reply, this packet is tunneled with the "request tunnel
> Identifier" and contains a "reply tunnel Identifier"
> 3. Packet C is a subsequent request packet which is tunneled with "reply
> tunnel Identifier"
> 4. Packet D is a subsequent reply packet which is tunneled with "request
> tunnel Identifier".
>
> NOTE: "tunnel Identifier" are unique in a single direction only, so
> there is no algorithmic correlation between the "request tunnel
> Identifier" and "reply tunnel Identifier".
>
> I am looking to generate a view for all packets which are related to the
> "requestIndex".
> I am open to the idea of editing the dissectors to achieve this.
>
> Any ideas/pointers would be very useful.
>
> thanks,
> Rohit
>
>  > Date: Sat, 5 Jun 2010 12:25:55 +0200
>  > From: [email protected]
>  > To: [email protected]
>  > Subject: Re: [Wireshark-dev] Generation of display filter based on a field in the pcap
>  >
>  > On 06/05/2010 11:37 AM, Rohit Mediratta wrote:
>  > > Hi,
>  > > I am trying to generate a display filter which is based on the value
>  > > of a TLV within the pcap.
>  > > Let me provide an example of a display filter I am trying to generate in
>  > > the pcap that I have.
>  > >
>  > > 1. Packet A has a TLV with value1 and another TLV with value2.
>  > > 2. Packet B has a TLV with value2 and a TLV with value3.
>  > > 3. Packet C has a TLV with value3.
>  > > 4. Packet D has a TLV with value2.
>  > >
>  > > I'd like my display filter to be
>  > > "special_display_filter == value1"
>  > > When I apply this filter, I'd like all 4 packets to be displayed.
>  > >
>  > > This is, of course, my view of how I can achieve this. If there is
>  > > another methodology to achieve my aim of displaying all packets related
>  > > to Packet A, then please enlighten me.
>  > >
>  > >
>  > > My final goal is to update the flow_graph to view all 4 packets, when I
>  > > select "packet flow for any packets related to Packet A". If someone can
>  > > provide any pointers/hints that would be useful.
>  > >
>  > > thanks in advance,
>  > > Rohit
>  > >
>  >
>  > Hi,
>  >
>  > What's the relation between packet A, B, C and D? How do you identify this
>  > relation from the packets? Your display filter now will only match packet A.
>  >
>  > Thanks,
>  > Jaap
>  >

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
