I'm working on a VNC-like dissector, a subdissector of TCP. With a large volume of messages, it would be helpful to see the image associated with a FramebufferUpdate message when looking through a capture file. I believe this would help locate the appropriate messages when working on a problem. Essentially, I would like to have a third option "Image View" added to the packet bytes pane. For packets with image data, the data would be shown in the packet bytes pane as pixels (visible image). In a perfect world, the non-image data in the packets would continue to be displayed in hex/text. I'm very new to Wireshark, but I guess this has been thought about. My question is really how would this fit into the Wireshark architecture. Enlightenment needed... asked 15 Sep '15, 18:54  Chad Farmer |
One Answer:
With the current architecture, nowhere. Dissectors CANNOT do any GUI stuff, such as displaying images as their code must function within the purely command-line TShark, so you won't be able to get it as a packet bytes pane; changing that would require a change to the Wireshark architecture to allow a dissector to specify bytes to be shown as an image (for example, a field type of There's really no good way to mix the display of hex/text data and images in the same tab in the packet bytes pane; that doesn't really fit with the purpose of that display, and it wouldn't let people look at the raw bytes of the image. You'd probably want, instead, to have additional tabs in that pane, one per image, displaying an image instead of the hex bytes. answered 15 Sep '15, 20:01  Guy Harris ♦♦ |
That was enlightening, thank you.
FT_IMAGE_typefeels right. The data would be displayed in hex by default for TShark and Wireshark, but Wireshark could have an option for an image display. A separate tab would avoid disturbing existing code that manages the packet bytes pane.I do a fair amount of work at the command line, so I understand its value.
Regards...