Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

This goes back to the core of packet dissection, and the inner working of the dissection engine. What it basically comes down to is that from some external source (being a network interface, through libpcap, or from a file, through libwiretap, etc) frames come in with a specified datalink layer type. From this DLT the determination is made to what dissector this frame is handed to first. Once this dissector has done its thing with the part of the frame it understands, it passes the rest of the frame onto the next dissector. But what is the next dissector? This is the dissector which registered itself as interested. This allows a chain of dissectors to be created.

As per the example, the FOO dissector is interested in UDP payloads from UDP packets on port FOO_port. It asks the rest of the frame to be passed to foo_handle().

So in your case what is the DLT of the frames coming in? What dissector is available for that DLT, and what dissector chaining options does it provide?