This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Register dissector without particularities

0

I would like to know if it's possible to register a dissector for a protocol which has no particularities: neither fields nor ports are usable to determine the dissector to use. The only particularity is the use of the UDP protocol.

In the same vein, is it possible to register a subdissector for a protocol which can use one or more upper protocols, without specifying a port or a field?

Thanks

asked 27 Mar '11, 13:31

chronidev

edited 27 Mar '11, 13:31


One Answer:

2

If your dissector can look at the payload of a UDP datagram and figure out if it's a packet for your protocol or not, you should make it a heuristic dissector. See the "README.heuristic" file in the doc subdirectory of the Wireshark source. If that's not possible, either give it a preference for the port to use, so the user can specify whatever port it happens to use in a particular capture, or register it as a "generic" dissector atop UDP, with "dissector_add_handle()", using "udp.port" as the dissector table name, which will allow the user to use the "Decode As..." menu to choose a particular port in a particular capture.

And, yes, it's possible to register a dissector in more than one dissector table; for example, the DNS dissector registers both atop UDP and atop TCP, and the IPv4 and IPv6 dissectors register atop many different link-layer protocols.

answered 27 Mar '11, 14:47

Guy Harris ♦♦

Finally I found a way to do what I want. I just register the dissector, then I use the user preferences to activate or deactivate the dissector, with a user-preference UDP port.

(27 Mar '11, 15:42) chronidev
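
The first two options from the answer, as an added example written against Wireshark's Lua API (it is not code from the question, the answer, or the Wireshark source, and the answer itself refers to the C API): a heuristic dissector registered on UDP, plus a user-set port preference. The protocol name `exproto`, its 8-byte header layout, and the magic value are assumptions constructed for illustration.

```lua
-- Added example. "exproto", its header layout and MAGIC are hypothetical.
local exproto = Proto("exproto", "Example Protocol (hypothetical)")

local f_magic   = ProtoField.uint32("exproto.magic",   "Magic",          base.HEX)
local f_version = ProtoField.uint8 ("exproto.version", "Version",        base.DEC)
local f_type    = ProtoField.uint8 ("exproto.type",    "Type",           base.DEC)
local f_length  = ProtoField.uint16("exproto.length",  "Payload length", base.DEC)
exproto.fields = { f_magic, f_version, f_type, f_length }

-- Assumed header: 4-byte magic, 1-byte version, 1-byte type, 2-byte length.
local HDR_LEN, MAGIC = 8, 0x45585052

function exproto.dissector(tvb, pinfo, tree)
    if tvb:len() < HDR_LEN then return 0 end   -- not enough captured bytes
    pinfo.cols.protocol = "EXPROTO"
    local t = tree:add(exproto, tvb(0, HDR_LEN))
    t:add(f_magic,   tvb(0, 4))
    t:add(f_version, tvb(4, 1))
    t:add(f_type,    tvb(5, 1))
    t:add(f_length,  tvb(6, 2))
    return tvb:len()
end

-- Option 1: heuristic dissector. Every UDP datagram with no better match is
-- offered to this function, so it must reject foreign traffic cheaply and
-- return false before touching the tree or the columns.
local function exproto_heur(tvb, pinfo, tree)
    if tvb:len() < HDR_LEN then return false end
    if tvb(0, 4):uint() ~= MAGIC then return false end
    if tvb(4, 1):uint() ~= 1 then return false end            -- only version 1
    -- Compare against the on-the-wire length so truncated captures still match.
    if tvb(6, 2):uint() ~= tvb:reported_len() - HDR_LEN then return false end
    exproto.dissector(tvb, pinfo, tree)
    return true
end
exproto:register_heuristic("udp", exproto_heur)

-- Option 2: a port preference the user sets per capture (0 means disabled).
exproto.prefs.port = Pref.uint("UDP port", 0, "UDP port to decode as exproto (0 disables)")
local current_port = 0
function exproto.prefs_changed()
    local udp_table = DissectorTable.get("udp.port")
    if current_port ~= 0 then udp_table:remove(current_port, exproto) end
    current_port = exproto.prefs.port
    if current_port ~= 0 then udp_table:add(current_port, exproto) end
end
```

A heuristic that checks several independent fields (magic, version, length consistency) is far less likely to claim packets belonging to other protocols than one that tests a single byte.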