
List:       wireshark-users
Subject:    Re: [Wireshark-users] Dissecting packet details field by field
From:       Guy Harris <guy () alum ! mit ! edu>
Date:       2017-07-14 23:19:27
Message-ID: 7973D44C-55F2-47AC-B243-BE7A3661DBBA () alum ! mit ! edu

(Redirecting to the developer list, as per Jeff Morriss's suggestion; it's the right
place for questions about the Wireshark code base.  CCing wireshark-users in case
you're not subscribed to wireshark-dev - if you're not, you should subscribe.)

On Jul 14, 2017, at 5:38 AM, David Schaeffer <david.schaeffer2@gmail.com> wrote:

> > On Wed, Jul 12, 2017 at 1:42 PM, David Schaeffer <david.schaeffer2@gmail.com> wrote:
> > > I'm currently working on pulling specific data from a packet once they've
> > > clicked on some packet detail. For example, if the user clicks on a bit
> > > code in the packet body, I want to also pull the source IP address of that
> > > packet. Is there a way to search the packet body by field name or pulling
> > > the packet details into an object of some sort to parse this information?
> > > Thanks for any assistance you can offer in this matter.
> > 
> > Can you give a bit more context?  I assume that this is the context of
> > writing a protocol dissector?  What are you planning to do with, for
> > example, the IP address?
> 
> Sure. So the goal of this is to allow us to graph bit codes from a packet that has
> already been dissected by a custom packet dissector. We're making it so a user can
> right-click on the bit code they would like to graph, select graph, and it'll bring
> up the IOGraph with that data, 0 or 1.

So you'd right click on a particular field in the protocol details pane, get a menu
with "Graph" as one of the items, and it'd pop up an I/O graph for that field?

There's currently no mechanism for that in Wireshark, but it might be a useful
*general* addition to Wireshark.

> The problem is we have multiple PLCs sending the same bit codes so just grabbing a
> filter for solely the bit code doesn't work, as it pulls from every PLC. I need to
> grab the IP address with it to track the specific bit code from that specific PLC.

*That* would require adding the ability to register a per-field callback, with the
default being one that causes a "standard" I/O graph to be popped up, and with your
dissector specifying a callback grabbing the IP address and the value of the bit
code.  That might call the "draw an I/O graph" code with another callback specified;
that callback would indicate whether to use the packet or not.

