This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I need to read the packet sequence somehow (or otherwise identify retransmissions) from my dissect_foo, but I can't read data from private_data. According to packet-tcp.h, private_data is in pinfo and can be accessed for information about the packet. Unfortunately the value of private_data is NULL so I can't do anything with it. Other than modifying packet-tcp itself, is there any way that I can identify whether a packet is a retransmission?

asked 19 Jan '15, 10:48

nicole_identity's gravatar image

nicole_identity
11336
accept rate: 0%


The tcp_analysis structure can be retrieved thanks to the get_tcp_conversation_data() function. The flags can then be retrieved by doing a lookup on the acked_table (see tcp_analyze_get_acked_struct() function in packet-tcp.c for details).

If you want to have access to the tcpinfo struct, then the method differs depending on the version you use: pinfo->private_data is no more used in master branch (1.99.X version). Instead the structure is given in the data parameter of your dissector (you must register your dissector as new_dissector_t to have access to it).

permanent link

answered 19 Jan '15, 12:59

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×752
×637
×104
×39

question asked: 19 Jan '15, 10:48

question was seen: 1,283 times

last updated: 19 Jan '15, 12:59

p​o​w​e​r​e​d by O​S​Q​A