I need a dissector for TCP port 80 that runs only when the first data byte is hex 03. If it is not hex 03, the normal dissector should run. I use Wireshark version 1.6.5. Thanks, Ralf
asked 25 Mar '12, 23:33 Ralf Kruppa, retagged 26 Mar '12, 05:37 bstn
One Answer:
Create your dissector as a heuristic dissector and check the TCP preference "Try heuristic sub-dissectors first".
answered 26 Mar '12, 04:17 Jaap ♦
I use a Lua file, and at the moment I use this:
    -- Assign the TCP table
    http_table = DissectorTable.get("http.port")
    -- Assign the ports to be monitored
    http_table:add(0080,MY_proto)
So I get all packets of port 80. I need only the packets where the first byte of the TCP data is hex 03.
Thanks, Ralf
So your dissector should check the first byte it is given, and if it is 0x03, process the data. If it isn't, then return FALSE, indicating that your dissector didn't handle the message.
See README.heuristic in the doc subdirectory of the source tree for all the essential details.
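The approach described in this thread, written out as a Lua heuristic dissector (an added example, not code from any of the posters). It assumes a Wireshark release whose Lua API provides `Proto:register_heuristic`, which is newer than the 1.6.5 named in the question; the protocol name `myproto` and its fields are hypothetical.

```lua
-- Added example: claim a TCP segment on port 80 only when its first payload
-- byte is 0x03; otherwise decline so the normal dissector (HTTP) runs.
-- "myproto" and the field names are hypothetical placeholders.
local my_proto  = Proto("myproto", "My Protocol (example)")
local f_marker  = ProtoField.uint8("myproto.marker", "Marker", base.HEX)
local f_payload = ProtoField.bytes("myproto.payload", "Payload")
my_proto.fields = { f_marker, f_payload }

local MARKER = 0x03
local PORT   = 80

-- Real dissection work, reached only after the heuristic has accepted.
local function dissect(tvb, pinfo, tree)
    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(my_proto, tvb(), "My Protocol")
    subtree:add(f_marker, tvb(0, 1))
    if tvb:len() > 1 then
        subtree:add(f_payload, tvb(1))   -- everything after the marker byte
    end
    return tvb:len()
end

-- Heuristic entry point: must return false without touching the tree
-- whenever the segment is not ours.
local function heuristic(tvb, pinfo, tree)
    -- Segments without payload (bare ACKs) have no first byte to test.
    if tvb:len() < 1 then return false end
    -- Restrict to port 80 in either direction.
    if pinfo.src_port ~= PORT and pinfo.dst_port ~= PORT then return false end
    -- The actual test: first byte of the TCP data must be 0x03.
    if tvb(0, 1):uint() ~= MARKER then return false end
    dissect(tvb, pinfo, tree)
    return true
end

-- Also usable through "Decode As" or a port table if wanted.
function my_proto.dissector(tvb, pinfo, tree)
    return dissect(tvb, pinfo, tree)
end

-- Hook into TCP's heuristic list instead of a port table.
my_proto:register_heuristic("tcp", heuristic)
```

With the TCP preference "Try heuristic sub-dissectors first" enabled, this runs before the port-based HTTP dissector. A one-byte test is a weak heuristic: a continuation segment of ordinary HTTP traffic that happens to start with 0x03 will also match, so add further checks on the protocol's header where its format allows.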