Ethereal-dev: Re: [Ethereal-dev] Dissecting a conversation.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 8 May 2003 01:50:43 -0700
On Thu, May 08, 2003 at 04:43:05PM +0800, Ian Cunningham wrote:
> I can see the FollowTCP Stream tool.  It is excellent.  But can I add
> my own dissector on top of it? That is avoid managing the reassembly of
> the TCP segments.

No.  "Follow TCP Stream" just reassembles the data in the stream itself,
and displays it as text, under the assumption that either

	1) the protocol being used in the conversation is an all-text
	   protocol (or enough of it is text that displaying it in that
	   fashion is convenient - for example, an HTTP sequence
	   fetching pictures might still be useful if displayed in that
	   fashion if the user looking at the trace doesn't care about
	   the contents of the pictures, just the HTTP protocol traffic)

or

	2) the user can figure out binary protocols by looking at them
	   as they're displayed in whatever character set is being used. :-)

A mechanism to allow a protocol to intercept the data itself for "Follow
TCP Stream" might be useful to handle cases where neither 1) nor 2) is
true (or where 2) is true but the user would prefer not to *have* to do
that :-)).  No such mechanism currently exists, however.