This is our old Q&A Site. Please post any new questions and answers at

There is another heuristic dissector that gets in the way and erroneously claims packets for its protocol. There is a change of protocols in the middle of my TCP session. So I'd rather use mine lua heuristic dissector first, and then pass whatever doesn't belong to it down to another built-in dissector.

Update... it looks like the other dissector does something with TCP sequence and overrides things. If I claim everything as mine (by returning true), then I'm not getting the dissector from libwireshark.dll in the way. So I guess nothing can be done.

asked 17 Jun '15, 14:01

mlt's gravatar image

accept rate: 0%

edited 17 Jun '15, 14:13

You could disable to dissector that causes problems.

Analyze -> Enabled Protocols


permanent link

answered 17 Jun '15, 23:01

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

Unfortunately, I do need that another protocol. The actual problem is that BitTorrent dissector claims other packets before handshake as its own, whereas I would like to have I2P SAM dissector. Same port is being used, but the conversation starts with SAM and then switches over to BT. It is probably a bug for BT dissector. It shouldn't claim anything before the handshake.

(18 Jun '15, 09:39) mlt

I haven't tried to do it before, but I think you could disable the BitTorrent one in the GUI, but then still call/invoke the BitTorrent dissector from within your Lua-based I2P dissector. (i.e., using Dissector.get() and dissector:call())

(27 Jun '15, 17:12) Hadriel
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 17 Jun '15, 14:01

question was seen: 1,238 times

last updated: 27 Jun '15, 17:12

p​o​w​e​r​e​d by O​S​Q​A