Hi, I am trying to find out whether a packet is TCP or UDP in my dissector. The way I am doing this is:- pinfo.cols.protocol == "tcp" , but for some reason, it is showing as false for valid TCP packets. Hence I wanted to know the correct way to recognize whether a packet is TCP or UDP in the dissector. I am using Lua to create my dissector. Thanks. asked 18 Aug '16, 10:38  shobhit_garg91 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
I've only written a postdissector in LUA but assuming your dissector sits above the IP layer can you not just extract the ip.protocol value?
@PaulOfford is right except that the exact field name provided by Wireshark's IP dissector is
ip.proto.