Hi, I wrote a simple postdissector in lua but it seems to be executed twice when wireshark is opened and then every time for a packet I click on, or move to another packet with arrow keys. I've also noticed that if I restrict the execution by tracking how many times it was run for a given packet the new tree item will be removed. As if the display with new tree item was constructed on a click or move. Is that behavior expected ? asked 11 Oct '12, 09:28 izopizo |
One Answer:
Yes, this is expected behavior. The protocol tree is rebuilt each time you click on the item so that Wireshark does not have to keep (all!) the protocol trees in memory. IOW, the only protocol tree Wireshark keeps in memory is that of the currently-displayed frame. To do that, it must rebuild the tree each time you select the frame. answered 11 Oct '12, 10:39 JeffMorriss ♦ |