I am writing a dissection script for Wireshark and I should point out the replies/acks for specific packets. As a first implementation I create an array and write down the request ID, and when a reply arrives I check if its ID is part of this table. I would like to print an arrow (just like ping request/reply) to point out the request and reply.
asked 29 Jun '17, 03:27
In Lua you can add two ProtoFields (one for request and one for response) for this and use frametype.REQUEST / frametype.RESPONSE as valuestring. You will get the arrows when using these fields.
Have a look in the ProtoField documentation.
answered 08 Jul '17, 11:44
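A small Lua dissector showing the approach from the answer, added here as an example and not code from the answer's author or from Wireshark itself. The protocol name `demo`, UDP port 9999 and the three-byte layout (type, then a 16-bit request ID) are assumptions made for illustration.

```lua
-- Added example: hypothetical "demo" protocol on UDP port 9999 (assumed).
-- Assumed layout: byte 0 = type (0 request, 1 reply), bytes 1-2 = request ID.
local demo = Proto("demo", "Demo Request/Reply Protocol")

local f_type = ProtoField.uint8("demo.type", "Type", base.DEC,
                                { [0] = "Request", [1] = "Reply" })
local f_id   = ProtoField.uint16("demo.id", "Request ID", base.DEC)
-- framenum fields carrying a frametype are what make Wireshark draw the arrows
local f_resp_in = ProtoField.framenum("demo.response_in", "Response in",
                                      base.NONE, frametype.RESPONSE)
local f_resp_to = ProtoField.framenum("demo.response_to", "Response to",
                                      base.NONE, frametype.REQUEST)
demo.fields = { f_type, f_id, f_resp_in, f_resp_to }

local pending = {}  -- request ID -> frame number of the latest unanswered request
local peer = {}     -- frame number -> frame number of the matching request/reply

function demo.init()  -- called whenever a capture is (re)loaded
    pending, peer = {}, {}
end

function demo.dissector(tvb, pinfo, tree)
    if tvb:len() < 3 then return 0 end
    pinfo.cols.protocol = "DEMO"
    local t = tree:add(demo, tvb(0, 3))
    local mtype = tvb(0, 1):uint()
    local id = tvb(1, 2):uint()
    t:add(f_type, tvb(0, 1))
    t:add(f_id, tvb(1, 2))

    -- Build the mapping only on the first sequential pass, so that a reused
    -- ID later in the capture does not re-link frames already matched.
    if not pinfo.visited then
        if mtype == 0 then
            pending[id] = pinfo.number
        elseif mtype == 1 and pending[id] then
            peer[pinfo.number] = pending[id]
            peer[pending[id]] = pinfo.number
            pending[id] = nil
        end
    end

    local other = peer[pinfo.number]
    if other then  -- unmatched requests and unsolicited replies get no link
        t:add(mtype == 0 and f_resp_in or f_resp_to, other):set_generated()
    end
    return 3
end

DissectorTable.get("udp.port"):add(9999, demo)
```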
I think you have to make sure to register the fields appropriately.
From the ICMP dissector: