I am working on different plugin dissectors to dissect following Protocol stack: Ethernet -> ProtoA -> ProtoB or C. In the
In the
In the
In the
Everything is decoded just fine, but still if i open the decode as dialog only the link layer dissectors are shown and i cant choose to decode ProtocolB as ProtocolC. What do I miss? asked 22 Feb '13, 06:35  Andreas Wilkes |
One Answer:
Adding a dissector table dosen not automatically add it to "decode as", isn't there any indication in proto A to say if the payload is B or C? answered 22 Feb '13, 08:36  Anders ♦ |
I.e., at least currently, "decode as" is not a general UI mechanism for all dissector tables, it has a small number of dissector tables (Ethertype, TCP/UDP/etc. ports, DCE RPC) wired into it.
Good to know that the decode as does not automatically works for plugins. @Anders There is an indication which protocol follows but the reason i wanted the decode as functionality is to be able to decode something what is indicated to be B as C (i.e. if the next field in A is filled with the wrong value.)
"Decode as" doesn't automatically work for arbitrary dissector tables, regardless of whether the dissector table was created by a plugin or a built-in dissector; this problem would exist even if Wireshark didn't support plugins.
You could try adding a preference to the protocol A dissector to specify that it should, for example, treat a next-protocol value of B as if it were C. ("Decode as", even if and when it supports arbitrary dissector tables, wouldn't let you specify this on a per-packet basis - the whole point is to override the dissector choice for all packets with a given value.)