Wireshark-dev: Re: [Wireshark-dev] Reading from and writing back to tvbuff
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 12 May 2010 15:11:03 +0200

Hi,

 * Testy, Virtual(-izable) Buffer of guint8*'s
 *
 * "Testy" -- the buffer gets mad when an attempt is made to access data
 *         beyond the bounds of the buffer. An exception is thrown.
 *
 * "Virtual" -- the buffer can have its own data, can use a subset of
 *         the data of a backing tvbuff, or can be a composite of
 *         other tvbuffs.

Now you understand that you'll need the functions in tvbuff.h to access these buffers.
And since no functions are provided to write back into a TVB this won't work.

What you can do is create your own TVB from real data and feed these to the dissection engine. This is how decryption of network traffic works for instance.

Thanks,
Jaap

 

On Wed, 12 May 2010 19:16:17 +1000, "Craig Bumpstead" <cbumpste@xxxxxxxxxxxx> wrote:

Hi,

 

Is it ok to read from tvbuff, manipulate the string and write back to it without messing up Wireshark??

 

I would like my proprietary protocol to show relevant information in "Follow TCP Stream". All it shows at the moment is illegible hex. Is it possible to write code for a dissector / interpreter for "Follow TCP Stream"?

 

Regards,

Craig