I'm trying to create a custom dissector for my protocol. I have used one bit of an unused option field in TCP. I want to dissect the bit I used. I know that I can dissect the data field as I want it to be, but I want to know if I can dissect the header field how I want it to be when they are already defined in Wireshark.

asked 14 May '17, 21:40 ngn505 edited 16 May '17, 00:01
One Answer:
In the master-2.2 branch the TCP dissector has a 'closed' list of TCP options it can dissect; otherwise it just presents the option data without interpretation. You'll have to add your code to the TCP dissector itself if you want to show the interpretation of that bit in a new TCP option.

answered 16 May '17, 23:35 Jaap ♦

Oh, that's great. Thank you for your help. I've got one more question though. I was trying to find the TCP dissector, but none of the Lua files I could see has any clue of TCP options. Is the TCP dissector contained in a DLL file? Or could you tell me where it is, if you know? (17 May '17, 22:26) ngn505

Wireshark is written in C / C++, not Lua. You can find the TCP dissector here. (17 May '17, 23:19) Jaap ♦

Thanks a lot! (18 May '17, 00:45) ngn505
'one bit of an unused option field'? Are you referring to TCP options or to the reserved bits in the TCP header between the data offset and the control bits?
I'm referring to the TCP option and padding field.
For what version of Wireshark are you developing?
It's version 2.2.5.
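The answer above notes that an option kind outside the dissector's known list is shown only as raw bytes, so interpreting a custom bit means walking the option list yourself. The following is an added example, not code from this thread and not Wireshark's dissector: a bounds-checked walk of a TCP option area in plain C. Option kind 253 and the flag's position (bit 0 of the first data byte) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_EOL 0        /* end of option list, single byte */
#define TCPOPT_NOP 1        /* padding, single byte */
#define CUSTOM_KIND 253     /* assumption: experimental option kind */
#define CUSTOM_FLAG 0x01    /* assumption: flag is bit 0 of first data byte */

/* Walk a TCP option area (the header bytes after the fixed 20).
 * Returns 1 = flag set, 0 = flag clear, -1 = option absent, -2 = malformed. */
int find_custom_flag(const uint8_t *opts, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t kind = opts[i];
        if (kind == TCPOPT_EOL)
            break;                          /* rest is padding */
        if (kind == TCPOPT_NOP) { i++; continue; }   /* no length byte */
        if (len - i < 2)
            return -2;                      /* length byte missing */
        uint8_t optlen = opts[i + 1];       /* covers kind + length + data */
        if (optlen < 2 || optlen > len - i)
            return -2;                      /* 0/1 would stall; too big overruns */
        if (kind == CUSTOM_KIND) {
            if (optlen < 3)
                return -2;                  /* no data byte to hold the flag */
            return (opts[i + 2] & CUSTOM_FLAG) ? 1 : 0;
        }
        i += optlen;                        /* skip option we do not interpret */
    }
    return -1;
}

/* Constructed sample option areas, not captured traffic. */
static const uint8_t OPTS_SET[]   = {1, 1, 253, 3, 0x01, 0, 0, 0};
static const uint8_t OPTS_CLEAR[] = {2, 4, 0x05, 0xb4, 253, 3, 0x00, 1};
static const uint8_t OPTS_NONE[]  = {2, 4, 0x05, 0xb4, 1, 1, 1, 0};
static const uint8_t OPTS_TRUNC[] = {1, 1, 253, 3};
static const uint8_t OPTS_ZERO[]  = {8, 0, 253, 3, 0x01, 0, 0, 0};

int main(void)
{
    printf("set=%d trunc=%d\n", find_custom_flag(OPTS_SET, sizeof OPTS_SET),
           find_custom_flag(OPTS_TRUNC, sizeof OPTS_TRUNC));
    return 0;
}
```

The length checks matter because the option area comes straight from the wire: a length byte of 0 or 1 would otherwise loop forever, and one larger than the remaining bytes would read past the header.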