Wireshark mailing list archives

Understanding 802.15.4 (WPAN) dissection


From: Eduard GV <eduardgv () gmail com>
Date: Tue, 18 May 2010 11:13:55 +0200

Hi all,

I first tried the users mailing list to see if I could avoid touching
code (I'm not a programmer!), but I got no response:
http://seclists.org/wireshark/2010/May/112


THE SCENARIO: Wireshark receives WPAN (802.15.4) frames from an Exegin
Q51 probe. These frames are wrapped in ZEP UDP datagrams.

THE PROBLEM: IP --> UDP --> ZEP and 802.15.4 headers are decoded
properly, but the 802.15.4 payload is always decoded as ZigBee even
though there is no ZigBee at all.


I tried looking into packet-ieee802154.c, packet-zbee-nwk.c,
packet-6lowpan.c, etc. and I suspect that the key is
heur_dissector_add(), used to register "post-wpan" dissectors. Where
is this function?

In order to avoid this behavior, would it be enough to simply call

call_dissector(data_handle, payload_tvb, pinfo, tree);

when trying to dissect the 802.15.4 payload?

Thanks!
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

