On Wed, Dec 08, 2010 at 12:29:40PM +0530, Vishal Kumar Singh wrote: > In wireshark, I am trying to decode a packet by taking its information > from the last decoded packet (Control packet and Data Packet). In the > first time, few data packet takes wrong information and, decodes the > packet accordingly. When I mark the faulty packet and clear the > filter, the decoding of faulty packet becomes good. What should be the > reason behind this? Please, help me out.
Although Wireshark dissects the packets in order when first opening a capture or performing a capture, it may re-dissect packets after that in no particular order. The best solution is to keep track of the information from previous packets only on the first pass and store the data on a per-conversation and per-packet basis. See README.developer in the doc directory for more information (look at sections 2.2 Following conversations and 2.5 Per-packet information). You can either check to see if the data has already been stored in these structures when you (re-)dissect a packet or check the boolean value pinfo->fd->flags.visited (TRUE or FALSE) to see if that packet has already been dissected. There are numerous examples, but the one that I worked on comes to mind which is packet-vnc.c. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
