This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am trying to add custom protocols in Wireshark. There are multiple protocols which communicate on the same TCP port, i.e. the TCP port for all the protocols would be the same. How can I make Wireshark call a dissector specific to the protocol? According to my understanding, the dissector would be called when it detects traffic on the specified TCP port. So how will it decide to call the specific dissector from multiple dissectors?

This question is marked "community wiki".

asked 16 Apr '14, 01:43

Balpreet Singh

edited 16 Apr '14, 02:03


Your dissectors will have to either use a heuristic, examining the first few bytes of data to determine whether the data is for that protocol and, if not, returning 0 without dissecting anything, or you can manually disable the dissectors as required.

Have a look at README.heuristic in the doc directory of the source.


answered 16 Apr '14, 02:21

grahamb ♦

Or, in your main dissector, read the bytes needed to find out which sub-dissector to call, and call that dissector with the tvb.

(16 Apr '14, 07:44) Anders ♦
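The heuristic approach from the answer above, sketched as a Wireshark Lua script. This is an added example, not code from the thread or from the Wireshark project. The two protocols, their names (`expa`, `expb`), magic values and 4-byte header layout (magic, version, type) are constructed for illustration.

```lua
-- Added example: two made-up protocols that share whatever TCP port the
-- traffic uses. Neither is bound to a port; each registers a heuristic on
-- "tcp" and claims a segment only if its own header checks pass.
local HDR_LEN = 4          -- assumed layout: magic(2) version(1) type(1)
local SUPPORTED_VERSION = 1

local function make_proto(abbrev, desc, magic)
    local proto   = Proto(abbrev, desc)
    local f_magic = ProtoField.uint16(abbrev .. ".magic", "Magic", base.HEX)
    local f_ver   = ProtoField.uint8(abbrev .. ".version", "Version", base.DEC)
    local f_type  = ProtoField.uint8(abbrev .. ".type", "Message type", base.DEC)
    proto.fields  = { f_magic, f_ver, f_type }

    -- Normal dissector: assumes the heuristic already accepted the data.
    local function dissect(tvb, pinfo, tree)
        pinfo.cols.protocol = string.upper(abbrev)
        local sub = tree:add(proto, tvb(), desc)
        sub:add(f_magic, tvb(0, 2))
        sub:add(f_ver,   tvb(2, 1))
        sub:add(f_type,  tvb(3, 1))
        return tvb:len()
    end
    proto.dissector = dissect

    -- Heuristic: return false without touching the tree when the bytes do
    -- not look like this protocol, so the next heuristic gets its turn.
    local function heuristic(tvb, pinfo, tree)
        if tvb:len() < HDR_LEN then return false end           -- too short to judge
        if tvb(0, 2):uint() ~= magic then return false end      -- wrong magic
        if tvb(2, 1):uint() ~= SUPPORTED_VERSION then return false end
        dissect(tvb, pinfo, tree)
        return true
    end
    proto:register_heuristic("tcp", heuristic)
    return proto
end

make_proto("expa", "Example Protocol A", 0xA1B2)
make_proto("expb", "Example Protocol B", 0xC3D4)
```

Checking more than one field keeps unrelated TCP payloads that happen to start with the same two bytes from being claimed by the wrong dissector.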
question asked: 16 Apr '14, 01:43

question was seen: 3,170 times

last updated: 16 Apr '14, 07:44