There is another heuristic dissector that gets in the way and erroneously claims packets for its protocol. There is a change of protocols in the middle of my TCP session. So I'd rather use mine lua heuristic dissector first, and then pass whatever doesn't belong to it down to another built-in dissector. Update... it looks like the other dissector does something with TCP sequence and overrides things. If I claim everything as mine (by returning true), then I'm not getting the dissector from libwireshark.dll in the way. So I guess nothing can be done. asked 17 Jun '15, 14:01  mlt edited 17 Jun '15, 14:13 |
One Answer:
You could disable to dissector that causes problems.
Regards answered 17 Jun '15, 23:01  Kurt Knochner ♦ |
Unfortunately, I do need that another protocol. The actual problem is that BitTorrent dissector claims other packets before handshake as its own, whereas I would like to have I2P SAM dissector. Same port is being used, but the conversation starts with SAM and then switches over to BT. It is probably a bug for BT dissector. It shouldn't claim anything before the handshake.
I haven't tried to do it before, but I think you could disable the BitTorrent one in the GUI, but then still call/invoke the BitTorrent dissector from within your Lua-based I2P dissector. (i.e., using
Dissector.get()anddissector:call())