Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

I think what you'll need to do is to register your dissector a heuristic dissector. This basically means that your dissector will be handed every UDP packet that hasn't been claimed by another dissector [NOTE]. Your dissector will have to heuristically determine whether the packet is actually intended for your dissector or not and dissect it if it is or reject it if it isn't so that another dissector gets a chance to dissect it.

Refer to doc/README.heuristic as well as the many built-in Wireshark dissectors for examples on how to use this. One rather simple one is packet-wol.c.


[Note] Unless the UDP Try heuristic sub-dissectors first option is selected, in which case your dissector will get a chance to claim it before any other registered dissectors, although it's not entirely clear what the heuristic order will be, so it's possible that another heuristic dissector could still claim it, in which case heuristics need to be improved by the dissector that incorrectly claimed it or that dissector may need to be disabled altogether in order for your dissector to get a chance to claim the packet.