Wireshark dissect function
https://stackoverflow.com/questions/1106124
-
12-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
When writing a dissector in Wireshark, is the dissect function in the dissector's source called on each packet in order, only once?
What could be possible reasons for tree values changing as I click on packets multiple times?
Solution
It is called once when the packet is first to display the high level information.
if (check_col(pinfo->cinfo, COL_PROTOCOL))
or
if (check_col(pinfo->cinfo,COL_INFO))
And called again when showing the body, ie when you click on that one packet.
if (tree)
I'd assume that the second call results are discarded, as if you have a large number of packets to decode keeping the details for each would be too large an overhead.
But as always some quick testing would be able to show if this is the case. (via a static counter)
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
