I have written several UDP dissectors and they all work fine. I am struggling to create my 1st TCP dissector for a custom protocol. No matter how I register the protocol, Wireshark seems to either ignore or override my dissector and use a standard decoder on the packet. The custom protocol port number is 8501 and it is always decoded as cmtp-mgt.
Any suggestions on what I am doing wrong would be appreciated.
asked 19 Aug '15, 00:50
For the SYN and SYN ACK there is no protocol involved; the description of the port comes from the "services" file that is either in the global or personal profile or maybe your OS.
answered 19 Aug '15, 06:22
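The distinction drawn in the answer, as an added example that is not part of the original thread or Wireshark's own code: a simplified model showing that a handshake segment has no payload for a dissector to receive, while the `cmtp-mgt` label comes from a services-style lookup on the port. The services lines, port 40000 and the function names are constructed for illustration.

```python
import struct

# Constructed sample in services-file format (name, port/proto), using the
# port and name mentioned in the question.
SERVICES_TEXT = """\
# name        port/proto
http          80/tcp
cmtp-mgt      8501/tcp
cmtp-mgt      8501/udp
"""

def parse_services(text):
    """Return {(port, proto): name} from services-file style text."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        table.setdefault((int(port), proto.lower()), fields[0])
    return table

def make_segment(sport, dport, flags, payload=b"", options=b""):
    """Build a constructed TCP segment (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)    # pad options to 32-bit words
    offset = (20 + len(options)) // 4           # data offset in 32-bit words
    header = struct.pack("!HHIIHHHH", sport, dport, 1, 0,
                         (offset << 12) | flags, 65535, 0, 0)
    return header + options + payload

def classify(segment, services):
    """Report the resolved port name and whether any payload exists to dissect."""
    sport, dport, _, _, off_flags = struct.unpack("!HHIIH", segment[:14])
    payload_len = len(segment) - (off_flags >> 12) * 4
    name = services.get((dport, "tcp")) or services.get((sport, "tcp"))
    return {
        "syn": bool(off_flags & 0x02),
        "payload_len": payload_len,
        "port_name": name,                      # label from the services table
        "payload_dissector_runs": payload_len > 0,
    }
```

To judge whether a custom dissector registered for port 8501 is really being bypassed, look at a segment that carries data rather than at the handshake.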