I am working with a small team to develop a Wireshark plugin for a new protocol.
The protocol has no header, so it is difficult (impossible maybe) to identify whether or not a packet contains this protocol.
Also the protocol is state dependent, so it is important our plugin not receive packets containing other protocols.
Currently our plugin works by assuming everything on a given UDP port is our protocol.
Is there some way to identify other protocols sent on our port, or at least tell Wireshark to check all other protocols first before handing packets off to our plugin?
Thanks much for your help!
asked 26 Jan '11, 14:08
The best you can do is enable the UDP preference: "Try heuristic sub-dissectors first".
answered 26 Jan '11, 14:21
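The following is an added example, not code from the post above or from Wireshark: a simplified C model of the sub-dissector selection order that the "Try heuristic sub-dissectors first" preference changes. The port number, the `OTHR` magic bytes and every function name are hypothetical. Traffic from a protocol that has no heuristic dissector still reaches the port-based plugin in both modes.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of how a UDP payload is handed to a sub-dissector.
   All names, the port and the magic bytes are hypothetical. */
#define OUR_PORT 5000  /* assumed port used by the headerless protocol */

typedef struct { unsigned port; const unsigned char *data; size_t len; } pkt_t;

/* A heuristic dissector inspects the payload and returns 1 only if it claims it. */
typedef int (*heur_fn)(const pkt_t *);

static int heur_other(const pkt_t *p) {
    return p->len >= 4 && memcmp(p->data, "OTHR", 4) == 0;
}

static const struct { const char *name; heur_fn fn; } heur_list[] = {
    { "other", heur_other },
};

static const char *try_heuristics(const pkt_t *p) {
    for (size_t i = 0; i < sizeof heur_list / sizeof heur_list[0]; i++)
        if (heur_list[i].fn(p)) return heur_list[i].name;
    return NULL;
}

/* Port lookup: with no header to check, the plugin accepts anything on its port. */
static const char *try_port(const pkt_t *p) {
    return p->port == OUR_PORT ? "ours" : NULL;
}

/* Returns the name of the dissector that ends up handling the packet. */
const char *dispatch(const pkt_t *p, int try_heuristic_first) {
    const char *d;
    if (try_heuristic_first && (d = try_heuristics(p))) return d;
    if ((d = try_port(p))) return d;
    if (!try_heuristic_first && (d = try_heuristics(p))) return d;
    return "data";  /* nothing claimed it: shown as raw data */
}

/* Convenience wrapper for constructed sample payloads. */
const char *classify(unsigned port, const char *payload, size_t len, int heur_first) {
    pkt_t p = { port, (const unsigned char *)payload, len };
    return dispatch(&p, heur_first);
}
```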