Wireshark · Wireshark-dev: Re: [Wireshark-dev] Get packet data from previous packet

Wireshark-dev: Re: [Wireshark-dev] Get packet data from previous packet

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 15 Jun 2007 09:19:21 -0700

Graham Bloice wrote:

Search for conversations in the developers guide.  This will allow you to
track both sides of the conversation.

...and, when a request packet is seen, save information about it as dataattached to the conversation; when the reply is seen, check whetherinformation about the request is attached to the current frame and, ifnot, check whether it's attached to the conversation and, if so, attachit to the current frame.


Then:

if you have information about the request is attached to the currentframe, use that to dissect it;

otherwise, the request wasn't in the capture, and you can't correctlyinterpret the reply.

This is the mechanism used by many other protocols, such as ONC RPC,SMB, etc..

References:
- [Wireshark-dev] Get packet data from previous packet
  - From: Stratemeier, Frank
- Re: [Wireshark-dev] Get packet data from previous packet
  - From: Graham Bloice

Prev by Date: Re: [Wireshark-dev] Get packet data from previous packet
Next by Date: Re: [Wireshark-dev] gsmmap asn1 directory
Previous by thread: Re: [Wireshark-dev] Get packet data from previous packet
Next by thread: [Wireshark-dev] [Fwd: [Wireshark-commits] rev 22110: /trunk-0.99.6/]
Index(es):
- Date
- Thread