I have a custom plugin for wireshark. I found a bug, but I'm not sure what causes the bug.
During a live capture my plugin/dissector sometimes does not get called (No dissection information from my dissector), but this only happens sometimes. If I am to save the live capture and open the trace, everything is dissected perfectly, so it seems to be an issue with live capture. Any pointers as to why this is happening.
Dissector is written in C.
My plugin reroutes to one of two dissectors.
I write to the info column before "if(tree)" in my dissectors.
plugin registration: dissector_add_uint("tcp.port", Y_PORT, _handle); dissector_add_uint("tcp.port", Z_PORT, _handle); heur_dissector_add("udp", dissect_X, proto_X);
I am using pinfo->fd->flags.visited
asked 28 May '15, 14:42
edited 29 May '15, 07:21