This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

“Show packet in new window” resets packet info to TCP

0

I am developing a dissector plugin to decode our company's wire-format for development and debugging purposes. The dissector properly decodes and displays information for the ports that the plugin automatically decodes as our protocol, however when I use "Show Packet In New Window" it will reset the Protocol Name and Protocol Info back to TCP while still displaying our decoded information in the packet's payload as we click through the different packets that contain our data.

If I use "Decode As" at this point to attempt to set the port manually back to our protocol, the packet information will blink to our protocol for a second, then back to TCP with TCP information (Again, while still displaying our decoded protocol in the payload data).

I'm unsure of the proper way to debug this problem, and have not been able to find similar issues with others. Has this been run into before, and are there any tips I can get? Any information that I can give to help solve this issue?

Developing and building in 1.99.X, Windows 7, 64-bit, building with Visual Studio 2013.

asked 06 Jul '15, 13:43

ayurov's gravatar image

ayurov
6114
accept rate: 100%

edited 07 Jul '15, 06:44

Is the plugin a C-code plugin, or Lua based?

(06 Jul '15, 15:29) Hadriel

Plugin is written in C, yes.

(07 Jul '15, 06:34) ayurov

One Answer:

0

Problem reported, and solved, in Bug 11369

answered 25 Aug '15, 12:24

ayurov's gravatar image

ayurov
6114
accept rate: 100%

edited 25 Aug '15, 15:26

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196