Regular dissector or heuristic dissector?


We have a custom hardware device that uses the IEEE 802.15.4 transport mechanism. To capture these data in Wireshark, we are making use of this project.

When the data is captured, data transmission packets appear as protocol LwMesh and acknowledgment packets appear as protocol IEEE 802.15.4.

We want to create a custom dissector, to be applied to all of our packets, to more readily understand the traffic. Based on my reading (and I am brand new to this), it is not clear to me if I should create a regular dissector or a heuristic dissector. In either case, I do not understand why the new dissector would be given preference over the existing one (or, similarly, how to apply a specific dissector to multiple packets).

Would you please point me in the direction of an answer? Thank you.

asked 09 Oct '17, 20:17

groston
