Re: Wireshark dissectors port preference

[Guy Harris <guy () alum mit edu>]

On Nov 23, 2009, at 7:48 AM, sean bzd wrote:

> I have two custom protocol dissectors. The first dissector  
> (first.dll) dissects tcp traffic on particular port(say 12345) and  
> then it needs to hand off the rest of the data to the second  
> dissector (second.dll). Is there a way to let wireshark know that  
> any traffic from and to 12345 port FIRST needs to be parsed by  
> first.dll and THEN by second.dll??

Yes.

You have the second dissector register itself by name, with  
register_dissector(), in its register routine; you have the first  
dissector find the second dissector by name, in its register-handoff  
routine, and save as a global variable the dissector handle it gets  
back; and then, when the first dissector hands off the rest of the  
data to the second dissector, it does so using call_dissector() with  
the handle in question.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe