I am trying to add custom protocols in Wireshark. There are multiple protocols which communicate on the same TCP port, i.e. the TCP port for all the protocols would be the same. How can I make Wireshark call a dissector specific to the protocol? According to my understanding, the dissector would be called when it detects traffic on the specified TCP port. So how will it decide to call the specific dissector from multiple dissectors?

This question is marked "community wiki". asked 16 Apr '14, 01:43 Balpreet Singh edited 16 Apr '14, 02:03
One Answer:
Your dissectors will have to either use a heuristic, examining the first few bytes of data to determine whether the data is for that protocol and, if it is not, not dissecting anything and returning 0, or you can manually disable the dissectors as required. Have a look at README.heuristic in the doc directory of the source.

answered 16 Apr '14, 02:21 grahamb ♦
Or, in your main dissector, read the bytes needed to find out which subdissector to call, and call that dissector with the tvb.
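
The heuristic approach from the answer, sketched as a Wireshark Lua script (an added example, not code from the original posts). The protocol names, the magic values and the 4-byte header layout are constructed for illustration; each protocol registers its own heuristic on "tcp" and claims a packet only when its header checks pass.

```lua
-- Added example. Protocol names, magic values and the 4-byte header layout
-- (magic:2, version:1, message type:1) are constructed for illustration.
local function make_proto(name, desc, magic)
    local proto   = Proto(name, desc)
    local f_magic = ProtoField.uint16(name .. ".magic", "Magic", base.HEX)
    local f_ver   = ProtoField.uint8(name .. ".version", "Version", base.DEC)
    local f_type  = ProtoField.uint8(name .. ".type", "Message type", base.DEC)
    proto.fields  = { f_magic, f_ver, f_type }

    -- Full dissection; only reached once the heuristic has accepted the data.
    function proto.dissector(tvb, pinfo, tree)
        pinfo.cols.protocol = string.upper(name)
        local sub = tree:add(proto, tvb())
        sub:add(f_magic, tvb(0, 2))
        sub:add(f_ver,   tvb(2, 1))
        sub:add(f_type,  tvb(3, 1))
        return tvb:len()
    end

    -- Heuristic: look at the first bytes and decline (return false) without
    -- touching the tree if they do not match, so the next heuristic is tried.
    local function heuristic(tvb, pinfo, tree)
        if tvb:len() < 4 then return false end              -- header incomplete
        if tvb(0, 2):uint() ~= magic then return false end  -- wrong magic
        -- A 2-byte magic alone is a weak signal; a second field check
        -- (constructed: version must be 1) cuts false positives.
        if tvb(2, 1):uint() ~= 1 then return false end
        proto.dissector(tvb, pinfo, tree)
        return true
    end

    proto:register_heuristic("tcp", heuristic)
end

-- Both protocols share one TCP port; neither is bound to a port number.
make_proto("protoa", "Example Protocol A", 0xA1A1)
make_proto("protob", "Example Protocol B", 0xB2B2)
```

By default Wireshark's TCP dissector tries port-registered dissectors before heuristic ones, so neither protocol should also be added to the tcp.port table for the shared port.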