I am a bit new at writing dissectors for Wireshark and trying to find a way to create a different tree that occurs if I get a certain message in the header of each packet as well as the number of bytes in the packet according to another part of the header. How would I go about changing how each message is dissected based upon the message type that I receive in the header file?

asked 03 Jul '14, 08:00 raiku11
One Answer:
Either create a switch statement that dissects according to the message type, or create sub-dissectors for each message type and again call them depending on the message type value. The switch is usually enough for simple cases.

answered 03 Jul '14, 08:02 grahamb ♦
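
As an added example (not part of the original answer or of Wireshark's own code), the dispatch described above could look like this in a Lua dissector for a hypothetical protocol. Lua has no switch statement, so a handler table keyed by message type takes its place; the header layout, field names, message types and UDP port 9999 are all assumptions.

```lua
-- Added example. Hypothetical "demo" protocol; assumed header layout:
--   byte 0 = message type, bytes 1-2 = payload length (big-endian), then payload.
local demo = Proto("demo", "Demo Protocol")
local f = {
  mtype = ProtoField.uint8("demo.type", "Message Type", base.DEC, { [1] = "Hello", [2] = "Data" }),
  plen  = ProtoField.uint16("demo.length", "Payload Length", base.DEC),
  ver   = ProtoField.uint8("demo.hello.version", "Version", base.DEC),
  seq   = ProtoField.uint32("demo.data.seq", "Sequence", base.DEC),
  body  = ProtoField.bytes("demo.data.body", "Body"),
}
demo.fields = { f.mtype, f.plen, f.ver, f.seq, f.body }

local e_len = ProtoExpert.new("demo.length.bad",
  "Declared length does not fit the packet or the message type",
  expert.group.MALFORMED, expert.severity.ERROR)
demo.experts = { e_len }

local HDR_LEN = 3
-- One handler per message type; min is the smallest valid payload for that type.
local handlers = {
  [1] = { min = 1, dissect = function(p, t) t:add(f.ver, p:range(0, 1)) end },
  [2] = { min = 4, dissect = function(p, t)
            t:add(f.seq, p:range(0, 4))
            if p:len() > 4 then t:add(f.body, p:range(4)) end
          end },
}

function demo.dissector(tvb, pinfo, tree)
  if tvb:len() < HDR_LEN then return 0 end      -- too short to hold a header
  pinfo.cols.protocol = "DEMO"
  local root = tree:add(demo, tvb())
  root:add(f.mtype, tvb(0, 1))
  local len_item = root:add(f.plen, tvb(1, 2))
  local mtype, plen = tvb(0, 1):uint(), tvb(1, 2):uint()
  local h = handlers[mtype]
  -- Do not trust the declared length: check it against the captured bytes
  -- and against the minimum the selected message type needs.
  if plen > tvb:len() - HDR_LEN or (h and plen < h.min) then
    len_item:add_proto_expert_info(e_len)
    return tvb:len()
  end
  if h then                                     -- unknown types stay undecoded
    local sub = root:add(tvb(HDR_LEN, plen), "Message body")
    h.dissect(tvb(HDR_LEN, plen), sub)
  end
  return HDR_LEN + plen
end

DissectorTable.get("udp.port"):add(9999, demo)  -- port 9999 is an assumption
```

In a C dissector the `handlers` lookup would be the `switch` on the message type, with each `case` calling its own helper function.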