I've written a dissector which can dissect a custom wrapper for bluetooth (one emitted by a bluetooth sniffer). I have it working nicely from a pcap file as USER10. I also added a heuristic to UDP so that I can do a live capture by writing to a local UDP port (pipes don't work yet in wireshark 1.11). The dissector decodes from and to addresses and puts those in the COL_DEF_DST and COL_DST_SRC columns, which is fine as a USER10 protocol, but when wrapped in UDP obviously I can't override the SRC and DST of 127.0.0.1 which the UDP dissector provides. What I'd like to do when decoded under UDP is put that information in the comment, it's not great, but at least it's there. Is there a way I can tell the context I'm dissecting in and determine if UDP is 'above' me, so I know I need to put the from and to into the comment instead of setting the columns? asked 23 Apr '14, 06:27  rols |
One Answer:
You coud try using pinfo->ptype == PT_UDP. answered 23 Apr '14, 08:00  Anders ♦ |
