1 | initial version |
Is it a higher-level UDP protocol that's overwriting it? I.e., your protocol is carrying (tunneling) UDP?
Or is it the lower-level UDP (i.e., your protocol is over UDP)?
Finally, what version of Wireshark are we talking about here?
Given your description that your protocol is displayed for a few seconds before being overwritten it sounds like (regardless of the answers to the above questions) that your dissector is not setting the columns on the 2nd (and subsequent) dissections of the packets. Check to make sure your col_set*()
calls aren't inside a check on/conditional of pinfo->fd->flags.visited
or whether tree
is set or not.