This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to identify packets

0

Can column number be read?

I need to identify packets with some unique identifier. Since packets are dissected more than once in some cases it would be nice to know when the same packet has come back. In wireshark you see "packet number" as the first column but I don't know how to access this number in a function. Presumably, just being able to know that would be great; I could tell which packet was which from just that information. However, any other identifier would work too; is there some kind of read column function (TCP)? I'm working with the dissector, I can't just use filter options.

asked 15 Jan '15, 13:23

nicole_identity's gravatar image

nicole_identity
11336
accept rate: 0%

edited 15 Jan '15, 13:28


One Answer:

2

As @grahamb told you in your previous thread, you can check whether a packet was already seen thanks to the PINFO_FD_VISITED(pinfo) macro (=0 when packet is seen for the first time, 1 for all subsequent decodings).

If you really need it, frame number can be retrieved by PINFO_FD_NUM(pinfo) macro.

answered 15 Jan '15, 13:52

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%