I was wondering if there is some way to do this:

1. Decode the options part of the TCP protocol, or say dissect the options part of the TCP header.
2. Once I decode the options part, get Wireshark to do the rest of the decoding as usual.

There are certain options that Wireshark shows as unknown. These contain some important info which my company has requested me to dissect. Kindly let me know where I should make the change, since packet-tcp.c is very complicated.

asked 27 Mar '11, 06:30 niks3089
One Answer:
You should modify the tcpopts array to add the TCP options in question. See epan/ip_opts.h for the definition of the ip_tcp_opt structure.

If you have any more questions, you should ask them on the wireshark-dev mailing list; see the Wireshark mailing list page for more information.

answered 27 Mar '11, 14:35 Guy Harris
Hi, is there any way we can do this using the Lua dissector? I know I need to use the chained dissector, but will I need to parse the options from the beginning in order to reach the unknown part in the options, or can I jump to the unknown part in the options?
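
Added example, not part of the original thread and not Wireshark code: TCP options are encoded as kind/length/data, except EOL (kind 0) and NOP (kind 1), which are a single byte, so the offset of an unknown option is only found by walking the options area from its first byte. The stand-alone C sketch below does that walk with the length checks a parser of untrusted packets needs; the function name, the error codes, the set of "known" kinds and the sample bytes are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { OPT_TRUNCATED = -1, OPT_BAD_LENGTH = -2 };  /* error codes, this example's own */
typedef struct { uint8_t kind; uint8_t len; size_t offset; } tcp_opt;

/* Constructed sample: MSS, NOP, window scale, 2x NOP, timestamps,
 * kind 253 (6 bytes, stands in for the "unknown" option), NOP, EOL. */
static const uint8_t sample_opts[] = {
    0x02, 0x04, 0x05, 0xb4,  0x01,  0x03, 0x03, 0x07,  0x01, 0x01,
    0x08, 0x0a, 0, 0, 0, 1, 0, 0, 0, 2,
    0xfd, 0x06, 0xde, 0xad, 0xbe, 0xef,  0x01, 0x00
};

/* Kinds this example treats as known: EOL, NOP, MSS, window scale,
 * SACK-permitted, SACK (0-5) and timestamps (8). */
static int is_known_kind(uint8_t kind) { return kind <= 5 || kind == 8; }

/* Walk the options area; store options of unknown kind in out[] (up to out_cap).
 * Returns how many were stored, or a negative code on a malformed length. */
int find_unknown_tcp_opts(const uint8_t *opts, size_t opts_len,
                          tcp_opt *out, size_t out_cap)
{
    size_t off = 0;
    int found = 0;
    while (off < opts_len) {
        uint8_t kind = opts[off];
        if (kind == 0) break;                 /* EOL: single byte, stop */
        if (kind == 1) { off++; continue; }   /* NOP: single byte, no length */
        if (opts_len - off < 2) return OPT_TRUNCATED;
        uint8_t len = opts[off + 1];          /* counts kind + length + data */
        if (len < 2 || (size_t)len > opts_len - off) return OPT_BAD_LENGTH;
        if (!is_known_kind(kind) && (size_t)found < out_cap)
            out[found++] = (tcp_opt){ kind, len, off };
        off += len;                           /* skip to the next kind byte */
    }
    return found;
}

int main(void) {
    tcp_opt u[4];
    int n = find_unknown_tcp_opts(sample_opts, sizeof sample_opts, u, 4);
    for (int i = 0; i < n; i++)
        printf("kind %u, length %u, at offset %zu\n", u[i].kind, u[i].len, u[i].offset);
    return n < 0;
}
```

Rejecting a length byte below 2 matters as much as the upper bound: a zero length would otherwise leave the offset unchanged and the walk would never terminate.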