
List:       wireshark-dev
Subject:    [Wireshark-dev] How to decode specific packet with custom Decode as from dialog?
From:       Jirka Novak <j.novak () netsystem ! cz>
Date:       2021-03-11 8:54:46
Message-ID: 130379d5-cb27-72ba-63a3-18919ebb30f5 () netsystem ! cz

Hi,

  I'm using Wireshark for RTP analysis. Very often I analyze pcaps where
there are no signaling packets, therefore Wireshark is not able to recognize RTP
packets and I have to use Decode as for every stream in the file. It is
boring work...

  My idea is to write a tool which will propose RTP stream candidates. I
would like to allow the tool to check whether a packet is really RTP - it
will try to decode one or a few packets as RTP.
  I found that I don't know how to do it. There are two issues I identified:
1) How to decode just the specific packet?
There is a sequence of calls, e.g. in PacketListRecord::dissect(), which
decodes a packet. My understanding is that it decodes the current packet where
the pcap is positioned, and I found no call to "seek" to a specific packet by
its number. On the other hand, goToPacket does so...
I would like to avoid a retap of the whole pcap if possible.

2) How to use a new Decode as rule temporarily?
The Decode as dialog saves it to preferences, but I hope there is a simpler way.

Can I ask for help and guidance?

					Best regards,

							Jirka Novak