This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to switch protocol on the same conversation

Hi, I have a proprietary protocol (tcp transport layer) that starts (on the same connection ie. same port ) before an underlying known protocol such as HTTP. Is there a way to dissect the the proprietary protocol and than let wireshark to continue dissecting it as the underlying protocol? I am using lua. Thanks

addition On application layer... My protocol dissects on port 8080, and get some info from proprietary protocol then it should switch to HTTP and continue to work as usual till the and of the stream (conversation).

lua dissector proprietary

asked 19 Apr '15, 04:30

acohen
6●1●1●3
accept rate: 0%

edited 20 Apr '15, 04:23

Please define protocol stack.

From what I make up from your text this is: Ethernet / IP / TCP / Prop.Proto

Which later becomes

Ethernet / IP / TCP / HTTP

on the same ports. Is this correct?

(20 Apr '15, 02:34) Jaap ♦

Yes, On application layer... My protocol dissects on port 8080, and get some info from proprietary protocol then it should switch to HTTP and continue to work as usual till the and of the stream (conversation).

(20 Apr '15, 04:22) acohen