Wireshark · Wireshark-dev: Re: [Wireshark-dev] using pinfo structure to save data after first iteration

Wireshark-dev: Re: [Wireshark-dev] using pinfo structure to save data after first iteration

From: koundinya poluri <koundi.poluri@xxxxxxxxx>

Date: Tue, 30 Jun 2015 17:43:17 +0530

Hi guys,

I am not completely familiar with the conversations part of wireshark.I did go throught the sharkfest ppt by Guy Haaris.Then I realized that i can use the p_add_proto_data or p_get_proto_data to save data for each packet.I am not familar with it so I am reading rtp dissectors's code to understand it better.

As I understand a conversation is created using the port and ip addresses and then dissectors add their convo_data using the handle(proto_rtp in case of rtp) then you can get get the conversation using find_conversation.The link I am missing is how is this conversation related to p_add/get_proto_data.

So I have a couple of questions hope you dont mind answering them!

1.How is a conversation related to p_add/get_proto_data.

2.where does p_add_proto_data save the data after it is called?

Thanks a lot!

-koundinya

Follow-Ups:
- Re: [Wireshark-dev] using pinfo structure to save data after first iteration
  - From: Anders Broman

Prev by Date: Re: [Wireshark-dev] [!!Mass Mail]Re: "Wireshark-dev: Re: using pinfo structure to save data after first iteration"
Next by Date: Re: [Wireshark-dev] using pinfo structure to save data after first iteration
Previous by thread: Re: [Wireshark-dev] using pinfo structure to save data after first iteration
Next by thread: Re: [Wireshark-dev] using pinfo structure to save data after first iteration
Index(es):
- Date
- Thread