This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I was wondering if there is some way to do this: 1. to decode the options part of the TCP protocol, or say dissect the options part of the TCP header. 2. once I decode the options part, get Wireshark to do the rest of the decoding as usual.

There are certain options that Wireshark shows as unknown. These contain some important info which my company has requested me to dissect. Kindly let me know where I should make the change, since packet-tcp.c is very complicated.

asked 27 Mar '11, 06:30

niks3089


You should modify the tcpopts array to add the TCP options in question. See epan/ip_opts.h for the definition of the ip_tcp_opt structure.

If you have any more questions, you should ask them on the wireshark-dev mailing list; see the Wireshark mailing list page for more information.

answered 27 Mar '11, 14:35

Guy Harris

Hi, is there any way we can do this using the Lua dissector? I know I need to use the chained dissector, but will I need to parse the options from the beginning in order to reach the unknown part in the options, or can I jump to the unknown part in the options?

(26 Sep '13, 23:29) Vinay
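
Added example, not part of the original thread and not Wireshark code: a stand-alone C walk of the TCP options area with a table of per-kind handlers. TCP options are kind/length/value records with no index, so a later option is reached by stepping over the earlier ones using their length bytes, and each length must be validated before it is trusted. The names `opt_entry`, `opt_table` and `handle_vendor`, and the kind-253 payload layout, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical table entry for this example; not Wireshark's ip_tcp_opt. */
typedef int (*opt_handler)(const uint8_t *val, size_t len);
struct opt_entry { uint8_t kind; const char *name; opt_handler fn; };

static int last_vendor_id = -1;

/* Constructed payload format: a 16-bit big-endian identifier. */
static int handle_vendor(const uint8_t *val, size_t len)
{
    if (len != 2) return -1;
    last_vendor_id = (val[0] << 8) | val[1];
    return 0;
}

static const struct opt_entry opt_table[] = {
    { 2,   "Maximum segment size", NULL },
    { 3,   "Window scale",         NULL },
    { 253, "Vendor (constructed)", handle_vendor }, /* RFC 4727 experimental kind */
};

/* Walk the options area; returns the number of handlers run, or -1 if malformed. */
int walk_tcp_options(const uint8_t *opts, size_t n)
{
    size_t i = 0; int handled = 0;
    while (i < n) {
        uint8_t kind = opts[i];
        if (kind == 0) break;             /* End of option list */
        if (kind == 1) { i++; continue; } /* NOP: single byte, no length */
        if (n - i < 2) return -1;         /* no room for the length byte */
        uint8_t len = opts[i + 1];        /* counts the kind and length bytes too */
        if (len < 2 || len > n - i) return -1; /* would loop forever or over-read */
        for (size_t t = 0; t < sizeof opt_table / sizeof opt_table[0]; t++)
            if (opt_table[t].kind == kind && opt_table[t].fn) {
                if (opt_table[t].fn(opts + i + 2, (size_t)len - 2) != 0) return -1;
                handled++;
            }
        i += len;                         /* unlisted kinds are skipped by length */
    }
    return handled;
}

int main(void)
{
    /* Constructed options: MSS 1460, NOP, NOP, kind 253 with id 0xBEEF, EOL, pad. */
    const uint8_t sample[] = { 2, 4, 0x05, 0xb4, 1, 1, 253, 4, 0xbe, 0xef, 0, 0 };
    printf("handled=%d id=0x%04x\n", walk_tcp_options(sample, sizeof sample), (unsigned)last_vendor_id);
    return 0;
}
```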
question asked: 27 Mar '11, 06:30

question was seen: 5,293 times

last updated: 26 Sep '13, 23:29