I am building a plugin for Wireshark, and I have several global variables that record and keep track of data from different packets. When a new capture is opened, I want to be able to clear these variables so the previous data isn't mixed up with the new data. Is there a function or property in Wireshark that can alert me that a new capture file has been opened? asked 22 Aug '14, 18:22  Frankie |
One Answer:
You can register a callback function thanks to the register_init_routine() function that will be called when opening a new capture (or applying a display filter). In your function, clear your data. You can see an example in packet-tcp.c. answered 23 Aug '14, 03:32  Pascal Quantin |
Worked perfectly, thanks!