Wireshark mailing list archives

Re: New Dissector only applied to first packet


From: Jan Willamowius <jan () willamowius de>
Date: Fri, 2 Nov 2012 22:25:04 +0100

Guy Harris wrote:
>> My dissector only handles UDP packets, but strangely the stop-packets
>> are all TCP packets and I have verified that my dissector never even
>> gets called for them.
>
> A dissector for one protocol can set up future (in the sense of "later
> in the capture") packets to or from certain endpoints to be dissected
> as a particular protocol.  This is used, for example, for protocols
> such as SIP, which initiate a session and specify "use port XXX" for
> that session, so that future UDP traffic to or from port XXX should be
> dissected as RTP for that session.
>
> What protocol(s) are in the TCP packets in question?

That's it!

I'm doing a dissector to decode the H.460.19 RTP multiplexing used by
H.323 and the packets I have to ignore contain openLogicalChannel
messages that probably set up rules to decode future packets as RTP.

Is there a way to override these rules for future packets?
Or is the only way to adapt the dissector for H.323 to auto-detect when
RTP multiplexing is used?

To start out I was planning to use a manual Decode As instead of the
more difficult auto-detect.

Regards,
Jan
-- 
Jan Willamowius, jan () willamowius de, http://www.willamowius.de/
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>