Right now our dissector just dumps the `json` of the packet and does nothing else. But for better programmability, a dissector should support at least the following APIs (which actually mimic wireshark's API, but are more Pythonic).
`Packet` is a tree of `Field`s and a `Buffer` and some metadata (think of things from `pcap_header`).
A `Field` maps roughly to wireshark's `proto_node` and `field_info` structures combined. Among other things it should have:
- Name
- Abbrev
- summary (something that we are dumping in json)
- details (something we are dumping in Packet Details)
- Level (just easier for displaying)
- `start` / `length` -> 'offset' into `Packet`'s byte array.
- `first_child`, `last_child`, `parent`, `next`
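
A minimal sketch of the `Packet` / `Field` tree described above, as an added example rather than the project's own code; the method names `add_child`, `walk` and `raw`, the `build_sample` helper and the sample bytes are assumptions made for illustration. A child field is rejected when its `start` / `length` range falls outside its parent, so no field can point past the packet buffer.

```python
from dataclasses import dataclass

@dataclass(eq=False)
class Field:
    name: str
    abbrev: str
    start: int                       # offset into Packet.buffer
    length: int
    summary: str = ""                # short form (what the JSON dump shows)
    details: str = ""                # long form (Packet Details pane)
    level: int = 0                   # depth in the tree, for display
    parent: "Field | None" = None
    first_child: "Field | None" = None
    last_child: "Field | None" = None
    next: "Field | None" = None      # next sibling

    def add_child(self, child):
        # Reject negative lengths and ranges that leave the parent's bytes.
        if not (self.start <= child.start <= child.start + child.length <= self.start + self.length):
            raise ValueError(f"{child.abbrev} falls outside {self.abbrev}")
        child.parent, child.level = self, self.level + 1
        self.first_child = self.first_child or child
        if self.last_child is not None:
            self.last_child.next = child
        self.last_child = child
        return child

    def walk(self):
        yield self                   # depth-first, in packet order
        node = self.first_child
        while node is not None:
            yield from node.walk()
            node = node.next

class Packet:
    def __init__(self, buffer, metadata=None):
        self.buffer, self.metadata = buffer, metadata or {}
        self.root = Field("Frame", "frame", 0, len(buffer))

    def raw(self, f):
        return self.buffer[f.start:f.start + f.length]

# Constructed sample: a 14-byte Ethernet header followed by 2 payload bytes.
SAMPLE = bytes.fromhex("ffffffffffff02000000000108004500")
def build_sample():
    pkt = Packet(SAMPLE)
    eth = pkt.root.add_child(Field("Ethernet", "eth", 0, 14))
    for spec in (("Destination", "eth.dst", 0, 6), ("Source", "eth.src", 6, 6), ("Type", "eth.type", 12, 2)):
        eth.add_child(Field(*spec))
    return pkt
```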