Wireshark mailing list archives

Re: Dissector skipping packets


From: Craig Bumpstead <cbumpste () yahoo com au>
Date: Tue, 4 May 2010 22:45:38 -0700 (PDT)

Steve,

I think I have found the problem.
Depending upon the packet type, the decode of the bytes following the packet type is different.

example: Packet Type 0
Trans type
Seq Num
Info type
Info State

Packet Type 2
Trans type
Seq Num
SPID
Message type


So the manner in which I was decoding the packet was wrong.

I'm not sure how to have different paths for decoding of packets. Any ideas of the protocol that I should look at for this type of decode?

Regards
Craig


----- Original Message ----
From: Stephen Fisher <steve () stephen-fisher com>
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Sent: Wed, 5 May, 2010 2:58:15 PM
Subject: Re: [Wireshark-dev] Dissector skipping packets

On Tue, May 04, 2010 at 08:28:38PM -0700, Craig Bumpstead wrote:

I have created a dissector for a proprietary dissector and at the 
moment it doesn't seem to decode packets 3, 6, 9, 12 etc.

I have put a breakpoint on dissect_myproto(tvbuff_t *tvb, packet_info 
*pinfo, proto_tree *tree), but it doesn't even enter that function on 
the above listed packets.

Not sure what is intercepting the packet before my dissector.

My first guess was that the packets not being handed to your dissector 
are TCP segments that are reassembled.  However, that would make more 
sense if it was dissecting packets 3, 6, 9 not everything but those.

What protocol(s) does your dissector use?  How are you registering it in 
proto_reg_handoff_<your proto>()?  Are packets 3, 6, 9 different in some 
way?


-- 
Steve
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
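
The per-type decode paths asked about above, as an added example that is not code from the thread or from Wireshark: plain C with a `switch` on the packet type and a length check before every read. The same `switch` would sit inside `dissect_myproto()`. The packet type at byte 0, the one-byte field widths and all names are assumptions; only the field order per type comes from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed wire layout: packet type is byte 0 and every field is one byte.
 * Only the field order per packet type is taken from the post. */
enum { DECODE_OK = 0, DECODE_TRUNCATED = -1, DECODE_UNKNOWN_TYPE = -2 };

struct decoded {
    uint8_t pkt_type, trans_type, seq_num;
    union {
        struct { uint8_t info_type, info_state; } t0; /* Packet Type 0 */
        struct { uint8_t spid, msg_type; } t2;        /* Packet Type 2 */
    } u;
};

/* Copy n bytes starting at *off into out[], never reading past len. */
static int take(const uint8_t *buf, size_t len, size_t *off, uint8_t *out[], size_t n)
{
    if (len - *off < n) return 0;     /* check first, so no partial field writes */
    for (size_t i = 0; i < n; i++) *out[i] = buf[(*off)++];
    return 1;
}

int decode_packet(const uint8_t *buf, size_t len, struct decoded *d)
{
    size_t off = 0;
    uint8_t *type[] = { &d->pkt_type };
    if (!take(buf, len, &off, type, 1)) return DECODE_TRUNCATED;

    switch (d->pkt_type) {            /* one decode path per packet type */
    case 0: {
        uint8_t *f[] = { &d->trans_type, &d->seq_num, &d->u.t0.info_type, &d->u.t0.info_state };
        return take(buf, len, &off, f, 4) ? DECODE_OK : DECODE_TRUNCATED;
    }
    case 2: {
        uint8_t *f[] = { &d->trans_type, &d->seq_num, &d->u.t2.spid, &d->u.t2.msg_type };
        return take(buf, len, &off, f, 4) ? DECODE_OK : DECODE_TRUNCATED;
    }
    default:                          /* unknown type: decode nothing further */
        return DECODE_UNKNOWN_TYPE;
    }
}

int main(void)
{
    const uint8_t sample[] = { 0x02, 0x01, 0x08, 0x2A, 0x05 }; /* constructed */
    struct decoded d;
    if (decode_packet(sample, sizeof sample, &d) == DECODE_OK)
        printf("type=%d seq=%d spid=%d msg=%d\n", d.pkt_type, d.seq_num, d.u.t2.spid, d.u.t2.msg_type);
    return 0;
}
```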



      

