This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can a custom dissector analyze TCP header option field as well as data field?

0

I'm trying to create a custom dissector for my protocol. I have used one bit of an unused option field in TCP, and I want to dissect the bit I used. I know that I can dissect the data field the way I want, but I want to know whether I can dissect the header field the way I want when it is already defined in Wireshark.

asked 14 May '17, 21:40


ngn505

edited 16 May '17, 00:01

'one bit of an unused option field'? Are you referring to TCP options or to the reserved bits in the TCP header between the data offset and the control bits?

(14 May '17, 23:46) Jaap ♦

I'm referring to the TCP option and padding field.

(16 May '17, 00:02) ngn505

For what version of Wireshark are you developing?

(16 May '17, 04:10) Jaap ♦

It's version 2.2.5.

(16 May '17, 04:43) ngn505

One Answer:

1

In the master-2.2 branch, the TCP dissector has a 'closed' list of TCP options it can dissect; otherwise it just presents the option data without interpretation. You'll have to add your code to the TCP dissector itself if you want to show the interpretation of that bit in a new TCP option.

answered 16 May '17, 23:35


Jaap ♦

Oh, that's great. Thank you for your help.

I've got one more question, though. I was trying to find the TCP dissector, but none of the Lua files I could see have any clues about TCP options. Is the TCP dissector contained in a DLL file? Or could you tell me where it is, if you know?

(17 May '17, 22:26) ngn505

Wireshark is written in C / C++, not Lua. You can find the TCP dissector here.

(17 May '17, 23:19) Jaap ♦

Thanks a lot!

(18 May '17, 00:45) ngn505
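
The answer above says an unrecognized TCP option is shown as uninterpreted option data. As an added example (stand-alone C, not Wireshark's dissector code and not from the original thread), this walks the kind/length/value option list of a raw TCP header with bounds checks and reads one flag bit from a custom option. Assumptions: the custom option uses experimental kind 253 (RFC 4727) with a single flag byte whose low bit is the flag; `find_custom_flag` and `sample_hdr` are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TCPOPT_EOL 0
#define TCPOPT_NOP 1
#define TCPOPT_EXP 253  /* assumption: RFC 4727 experimental kind used for the custom option */

/* Constructed sample: 28-byte TCP header carrying MSS, NOP and the assumed custom option. */
static const uint8_t sample_hdr[28] = {
    0x30, 0x39, 0x00, 0x50,      /* source port 12345, destination port 80 */
    0, 0, 0, 1,  0, 0, 0, 0,     /* sequence and acknowledgment numbers */
    0x70, 0x02, 0xff, 0xff,      /* data offset 7 (28 bytes), SYN, window */
    0, 0, 0, 0,                  /* checksum (left zero), urgent pointer */
    2, 4, 0x05, 0xb4,            /* MSS = 1460 */
    1,                           /* NOP */
    TCPOPT_EXP, 3, 0x01          /* kind, length, flag byte with bit 0 set */
};

/* Returns the flag bit (0 or 1), -1 if the option is absent,
 * -2 if the header or any option length is malformed. */
int find_custom_flag(const uint8_t *tcp, size_t len)
{
    if (len < 20) return -2;
    size_t hdr_len = (size_t)(tcp[12] >> 4) * 4;  /* data offset is in 32-bit words */
    if (hdr_len < 20 || hdr_len > len) return -2;

    size_t off = 20;                              /* options start after the fixed header */
    while (off < hdr_len) {
        uint8_t kind = tcp[off];
        if (kind == TCPOPT_EOL) break;            /* everything after EOL is padding */
        if (kind == TCPOPT_NOP) { off++; continue; }
        if (off + 1 >= hdr_len) return -2;        /* no room for the length byte */
        uint8_t optlen = tcp[off + 1];
        if (optlen < 2 || off + optlen > hdr_len) return -2;
        if (kind == TCPOPT_EXP)                   /* assumed layout: one flag byte */
            return optlen == 3 ? (tcp[off + 2] & 0x01) : -2;
        off += optlen;                            /* other kinds: skip by declared length */
    }
    return -1;
}

int main(void)
{
    printf("custom flag: %d\n", find_custom_flag(sample_hdr, sizeof sample_hdr));
    return 0;
}
```

The length checks matter because the option length byte comes from the wire: a value below 2 or one that runs past the data offset must stop the walk rather than be trusted.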