Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ask about dissector_add ( ) function to instruct wireshark to pass packet to my dissector

From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Wed, 22 Jun 2011 08:23:23 +0200
Hi,

Have a look at packet-rtp.c, which does a similar thing.

Check for heur_dissector_add( "udp", dissect_rtp_heur, proto_rtp);

Thanks,
Jaap


On 06/22/2011 05:59 AM, cq x wrote:

thank you

on top of UDP

yes, it is looking for a special value in the first byte of the packet

Thanks again




 > From: guy () alum mit edu
 > Date: Tue, 21 Jun 2011 17:56:37 -0700
 > To: wireshark-dev () wireshark org
 > Subject: Re: [Wireshark-dev] ask about dissector_add ( ) function to instruct 
wireshark to pass packet to my dissector
 >
 >
 > On Jun 21, 2011, at 4:18 PM, Changqin Xia wrote:
 >
 > > I am a newbie on dissector development. I have a question about the 
"dissector_add( )" function.
 > >
 > > I went through a few examples, most of them are using "tcp.port" or 
"udp.port" or something like that.
 > >
 > > My dissector not uses any port number to instruct wireshark to pass packets 
to my dissector, my dissector is using "Magic" (the first byte).
 >
 > What protocol does your dissector's protocol run on top of? TCP, UDP, or 
something els e?
 >
 > And when you say "my dissector is using "Magic" (the first byte)", do you 
mean it's looking for a special magic value in the first byte of its packet data?


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: