On Nov 30, 2010, at 12:43 AM, Agustin Figueredo Canosa wrote:
> I have a dissector for my protocol that works fine, but I have a few
> questions..
>
> 1 - I have an external Sniffer (I haven't develop it) that uses a list
> from the component "TListView" of Borland Builder for saving capture
> files. The content of the files is transparent for user, If you open this
> file with a text editor, the content is illegible. Is there any way for
> add this file format to wiretap??
If:
1) that file format is documented somewhere, or can be
reverse-engineered
and
2) it has records for each packet that contain the raw data for the
packet and, if it's available, a time stamp for the packet
it's probably possible - we'd have to see the documentation for the file
format, or see some capture files in that format as well as information giving
some or all of the contents of each packet and, if they're in the file, the
time stamp for each packet (for reverse-engineering).
> 2 - I´d like to use different colors rules depending on the host
> directions. How can i do that? Obviously, I dont know this directions
> untill the frame arrives.
What if, for example, it's an Ethernet or Wi-Fi capture and there are more than
two hosts?
For IP packets, if you know the IP addresses of two of the hosts, you could
construct two color filter rules for traffic in each direction between those
hosts, but that wouldn't handle traffic between one of those hosts and a third
host, or traffic between two other hosts. If it's on a network with multiple
link-layer addresses, the same would apply to them.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
