Hi,
That is a very poor way of doing that for several reasons.
1. There may be not only missing packets, but also out-of-sequence packets.
2. There may be more than one packet flow in the capture.
So, the solution is a bit more complex than this.
1. Make a linked list to track seen packet numbers, or make a tap.
2. Use conversations to track multiple packet flows.
Al this is described in the doc/README files and techniques can be found in
various dissectors.
Thanx,
Jaap
Barnes, Pat wrote:
> If you use a local static variable in the dissect_yourprot() function,
> it will store the number across packets.
>
> eg:
> //don't expect this to compile, it's just a mock-up
> static int dissect_yourprot(pinfo, tvb, tree) {
> static guint32 last_sequence_number = 0;
> guint32 sequence_number;
>
> ...
>
> sequence_number = tvb_get_ntohl(tvb, 2);
> if (last_sequence_number && sequence_number != last_sequence_number
> + 1) {
> //gap!
>
> }
> last_sequence_number = sequence_number;
>
> ...
> }
>
> -Patrick
> ------------------------------------------------------------------------
> *From:* [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Kwan Ng [LAVA]
> *Sent:* Thursday, 17 July 2008 7:55 AM
> *To:* [email protected]
> *Subject:* [Wireshark-dev] flagging gaps in sequence
>
> Hi,
>
>
>
> I’m fairly new to Wireshark development...actually, I just started today.
>
>
>
> I wrote a plugin for a UDP based protocol and it’s working fine. The
> protocol has a sequence number as the second field (4 bytes, offset = 2
> bytes). The sequence numbers are sent sequentially, but since this is
> UDP, I am not guaranteed to receive all packets. How can I get the
> plugin to check for gaps in the sequence numbers?
>
>
>
> Thanks.
>
>
>
> Kwan Ng
>
> Development Integration Specialist
>
_______________________________________________
Wireshark-dev mailing list
[email protected]
https://wireshark.org/mailman/listinfo/wireshark-dev
