This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Returning back to the dissector

0

I have my own dissector above tcp. I have a signature to detect my packet. If it is not present it should return back to the wireshark where it will decide which port it should go to. How can I do this? Thanks in advance

asked 17 Mar '11, 02:05

niks3089's gravatar image

niks3089
21151518
accept rate: 0%

currently the port number is 80

(17 Mar '11, 02:12) niks3089

One Answer:

1

If this is a heuristic or new-style dissector, just return FALSE or 0 to tell Wireshark that the packet is not for your protocol. Wireshark will figure out which other dissector(s) to (try to) give it to.

[Update] Don't forget to drop by and Accept this answer if it answered your question.

answered 17 Mar '11, 06:21

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

edited 09 Mar '12, 07:05