 | 1 | initial version |
This is not an uncommon scenario. Protocols like FTP and VoIP protocols have similar characteristics. For FTP its the opening of a data connection, after negotiation via the control channel on the well-known FTP server port. In VoIP there is the example of SIP, which uses SDP to negotiate the ports to which the audio data is to be sent with RTP.
The infrastructure in Wireshark to support this is the 'conversation'. It's defined by its endpoints (IP/proto/port tuple, with optional wildcards) and can dynamically associate a protocol dissector to such conversation, eg. based on what is negotiated in a control channel. The README.dissector file has more information on this and the FTP and SDP dissectors should be illustrative as well.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
