Wireshark-dev: [Wireshark-dev] How to collect information from various packets during dissectio
From: Christian Gurk <christian.gurk@xxxxxxx>
Date: Thu, 24 Sep 2009 09:32:19 +0200
Hi,
I just switched successfully from Lua to C. So I could "rewrite" my own dissectors in C and get them to run (very nice :-) thanks to the various tutorials and the source code.

My problem now:
I have a protocol where different nodes in our experimental network regularly send keep-alive messages with their own node-ID (NID) and node serial number (SN). I would like to use this information for "name resolution" in my protocol.

The idea:
If I could save the node serials during dissection in a table somewhere, I could use this table for name resolution during dissection of non-keep-alive messages, where I only have the node-IDs.

Example:
(KA = keepalive; OM = other message; NID 255 = broadcast)
type | dstNID | srcNID | data
KA      255        1     NODE0031
KA      255        3     NODE0012
KA      255        2     NODE0005
OM       2         1     foo...
OM       1         2     answer to foo...
...

Now, if I could save the serials from the first three messages (KA), then I could use this information for the next two messages (OM). My problem now is how to store this information. At the moment it would be sufficient to have 255 possible NIDs. So if I could create a "global" array of strings, then I could use the NID as an index. That would be easy then. But how could I create such an array globally? Sorry, I'm new to C and Wireshark...

Hope someone could help me or show me some examples?
Greetings
Christian

--
Christian Gurk
Electronics Working Group / Research & Development
Max-Planck-Institute for Chemistry, Mainz, Germany
+49-6131-305387 / christian.gurk@xxxxxxx
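
The table asked about above, as an added example that is not part of the original post or of Wireshark's code: a file-scope array indexed by NID, filled from keep-alive messages and read when other messages are dissected. The function names, the 16-byte serial limit and the printable-ASCII check are assumptions; the serial comes from the wire, so it is length- and content-checked before it is stored.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NID_BROADCAST 255
#define SN_MAX 16                 /* assumed maximum serial length */

/* File-scope table shared by every call into the dissector; a uint8_t
 * index can never run past its 256 entries. */
static char nid_table[256][SN_MAX + 1];

/* Clear between captures (in Wireshark, from a routine registered with
 * register_init_routine()). */
static void nid_reset(void) { memset(nid_table, 0, sizeof nid_table); }

/* Keep-alive branch: data/len come from the wire and are untrusted.
 * Returns 1 if the serial was stored, 0 if it was rejected. */
static int nid_learn(uint8_t nid, const uint8_t *data, size_t len)
{
    if (nid == NID_BROADCAST || len == 0 || len > SN_MAX)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (data[i] < 0x20 || data[i] > 0x7e)   /* printable ASCII only */
            return 0;
    memcpy(nid_table[nid], data, len);
    nid_table[nid][len] = '\0';
    return 1;
}

/* Other messages: turn a NID into a display name, falling back to the number. */
static const char *nid_resolve(uint8_t nid, char *buf, size_t buflen)
{
    if (nid == NID_BROADCAST)
        snprintf(buf, buflen, "broadcast");
    else if (nid_table[nid][0] != '\0')
        snprintf(buf, buflen, "%s (%u)", nid_table[nid], (unsigned)nid);
    else
        snprintf(buf, buflen, "NID %u", (unsigned)nid);
    return buf;
}

int main(void)
{
    char src[32], dst[32];
    nid_reset();
    nid_learn(1, (const uint8_t *)"NODE0031", 8);   /* KA rows from the post */
    nid_learn(2, (const uint8_t *)"NODE0005", 8);
    printf("OM %s -> %s\n", nid_resolve(1, src, sizeof src), nid_resolve(2, dst, sizeof dst));
    return 0;
}
```

Because Wireshark re-dissects a packet when it is selected, the table reflects every keep-alive seen in the capture rather than only those before the selected frame.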