This is our old Q&A Site. Please post any new questions and answers at

I wrote a Custom Dissector for one of the Protocols. I used Wireshark 1.5.2 Dev Version. The problem is that if I use the dll anywhere on my machine(whether dev version or installed 1.6 version) it works. But if I transfer it to some other machine and even if I run it with Wireshark 1.6 then the part related to conversations and finding the Response time does not work. All other parts of dissector work perfectly even on the other machine.

For finding Response Time I use logic similar to DIAMETER Protocol Dissector WHEREIN i store Time when Req came in a Tree and later on when Rsp packet comes, query the tree to find req time.

Does anyone know what could be the Problem ? Does it have anything to do with WinPCAP Version ?

asked 28 Jun '11, 11:02

varun%20saxena's gravatar image

varun saxena
accept rate: 100%

Which version of the Microsoft compiler are you using? Which version of the compiler were the versions of Wireshark running on the other computers compiled with? Find out from Wireshark's "Help -> About" dialog. Have you tried compiling your dll against the same 1.6.0 sources using the same version as what's running on the other computers?

I don't know the answer to your question, but it has nothing to do with WinPcap.

(30 Jun '11, 18:20) cmaynard ♦♦
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 28 Jun '11, 11:02

question was seen: 2,306 times

last updated: 30 Jun '11, 18:20

p​o​w​e​r​e​d by O​S​Q​A