This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Adding multiple custom protocol dissectors in Wireshark

0

I am trying to add custom protocols in Wireshark. There are multiple protocols which communicate on the same TCP port, i.e. the TCP port for all the protocols would be the same. How can I make Wireshark call a dissector specific to the protocol? According to my understanding, the dissector would be called when it detects traffic on the specified TCP port. So how will it decide to call the specific dissector from multiple dissectors?

This question is marked "community wiki".

asked 16 Apr '14, 01:43


Balpreet Singh
1224
accept rate: 0%

edited 16 Apr '14, 02:03


One Answer:

1

Your dissectors will have to either use a heuristic by examining the first few bytes of data to determine if the data is for that protocol and not dissecting anything and returning 0 if not, or you can manually disable the dissectors as required.

Have a look at README.heuristic in the doc directory of the source.

answered 16 Apr '14, 02:21


grahamb ♦
19.8k330206
accept rate: 22%

1

Or in your main dissector read the bytes needed to find out which sub dissector to call and call that dissector with the tvb.

(16 Apr '14, 07:44) Anders ♦
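
A stand-alone C model of the two approaches suggested in this thread: heuristics that return 0 when the data is not theirs, and a main dispatcher that reads the leading bytes and hands the buffer to the matching subdissector. This is an added example, not code from the posters or from Wireshark; it does not use the epan API, and the ALPHA and BETA protocols, their header layouts and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-alone model of the dispatch logic, NOT Wireshark's epan API.
 * ALPHA and BETA are hypothetical protocols sharing one TCP port:
 *   ALPHA: "ALPH" magic, then a version byte that must be 1
 *   BETA : 0xBE 0x7A, then a 2-byte big-endian length of the remaining body */
typedef int (*heur_fn)(const uint8_t *buf, size_t len);

/* Each heuristic returns the bytes it claims, or 0 to reject the payload. */
static int dissect_alpha(const uint8_t *buf, size_t len)
{
    if (len < 5) return 0;                  /* bounds check before any read */
    if (memcmp(buf, "ALPH", 4) != 0) return 0;
    if (buf[4] != 1) return 0;              /* second check cuts false positives */
    return (int)len;
}

static int dissect_beta(const uint8_t *buf, size_t len)
{
    if (len < 4) return 0;
    if (buf[0] != 0xBE || buf[1] != 0x7A) return 0;
    size_t body = ((size_t)buf[2] << 8) | buf[3];
    if (body != len - 4) return 0;          /* length field must be consistent */
    return (int)len;
}

static const struct { const char *name; heur_fn fn; } heur_table[] = {
    { "alpha", dissect_alpha }, { "beta", dissect_beta },
};

/* First heuristic returning non-zero wins; NULL means "leave as raw data". */
const char *dispatch(const uint8_t *buf, size_t len, int *consumed)
{
    for (size_t i = 0; i < sizeof heur_table / sizeof heur_table[0]; i++) {
        *consumed = heur_table[i].fn(buf, len);
        if (*consumed > 0) return heur_table[i].name;
    }
    return NULL;
}

int main(void)
{
    const uint8_t pkt[] = { 0xBE, 0x7A, 0x00, 0x02, 0xAA, 0xBB }; /* constructed */
    int n; const char *who = dispatch(pkt, sizeof pkt, &n);
    printf("%s claimed %d bytes\n", who ? who : "none", n);
    return 0;
}
```

In a real dissector the same checks would be made against the tvb's captured length, and README.heuristic in the source's doc directory describes how heuristic dissectors are registered.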