Hello
I've created a basic dissector for the JGroups group communication
protocol which can dissect JGroups PDU when running atop TCP or UDP. At
present, the dissection is based on specifying a port number (either udp
port or tcp port, depending on the transport used) in the preferences
section, in order to indicate to wireshark which packets it captures
should have the JGroups PDU dissector applied. However, this results in
PDUs in only one direction of a two process interaction to be dissected.
I'm trying to achieve two things at present:
(i) as a first step, have both directions of a two process interaction
dissected
(ii) as a second step, within the larger context of a two process
interaction, where we can view the interaction as consisting of a
sequence of known, prototcol specific phases (e.g in the case of
JGroups, discover peers, join group, exchange data with group members,
leave group), I want to be able to have wireshark identify and mark
those phases, say, with colours
I'll limit my question to the first part, as it is my immediate problem.
Are conversations the principal way of achieving (i) - namely, getting
two sides of an interaction to be dissected, as opposed to one specified
by a single port number?
Is there any special coding of the conversation logic required in order
to get this effect? For example, in a JGroups capture session, there may
be several addr1/port1 addr2/port2 combinations which are interacting,
and i'd like each side of these exchanges to be dissected. Do I just
need to try and find a conversation for each packet I encounter, and if
it doesn't belong to one, then create one?
Thanks in advance
Richard
