This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have a custom plugin for wireshark. I found a bug, but I'm not sure what causes the bug.

During a live capture my plugin/dissector sometimes does not get called (No dissection information from my dissector), but this only happens sometimes. If I am to save the live capture and open the trace, everything is dissected perfectly, so it seems to be an issue with live capture. Any pointers as to why this is happening.

Thanks

Edit:

Dissector is written in C.

My plugin reroutes to one of two dissectors.

I write to the info column before "if(tree)" in my dissectors.

plugin registration: dissector_add_uint("tcp.port", Y_PORT, _handle); dissector_add_uint("tcp.port", Z_PORT, _handle); heur_dissector_add("udp", dissect_X, proto_X);

I am using pinfo->fd->flags.visited

asked 28 May '15, 14:42

XQW1123's gravatar image

XQW1123
4681014
accept rate: 0%

edited 29 May '15, 07:21

1

How is your plugin called? Via UDP/TCP port registration - or? Is it written in LUA or C? Do you add stuff to the columns and tree before if(tree)? are you using pinfo->flags.vissited in your code? Is it a heuristic dissector?

(29 May '15, 00:01) Anders ♦

Dissector is written in C.

My plugin reroutes to one of two dissectors.

I write to the info column before "if(tree)" in my dissectors.

plugin registration: dissector_add_uint("tcp.port", Y_PORT, _handle); dissector_add_uint("tcp.port", Z_PORT, _handle); heur_dissector_add("udp", dissect_X, proto_X);

Yes I am using pinfo->fd->flags.visited

(29 May '15, 07:19) XQW1123
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×637
×549
×173
×34

question asked: 28 May '15, 14:42

question was seen: 1,067 times

last updated: 29 May '15, 07:21

p​o​w​e​r​e​d by O​S​Q​A