This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I direct the packets to http?

0

Hi, I have dissector which dissects the packet at port 80 but If its not my packet its not going to http dissector what should i do? please help. when do I use dissector_delete?

asked 16 Mar '11, 23:36

niks3089's gravatar image

niks3089
21151518
accept rate: 0%


One Answer:

1

dissector_delete() is used only for the static dissector configuration, that is the per dissection session. If you need to do this per packet you should look into using heuristic dissectors. These return to the dissection engine whether or not they recognized the packet. If not the dissection engine passes the packet to the next one. In your case that would be the HTTP dissector. Make sure to set TCP dissector preference "Try heuristic sub-dissectors first"

answered 17 Mar '11, 00:06

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

I have a signature to detect my packet. If it is not present it should return back to the wireshark where it will decide which port it should go to. How can I do this? Thanks in advance

(17 Mar '11, 00:52) niks3089