TCP ACK Protocol display
Hello all,
I've successfully managed to write a Lua dissector for my protocol built on top of TCP.
The dissector is working well, I can display the fields of my custom protocol when using Wireshark or TShark.
There's just one thing bothering me, I'd like to flag the ACK TCP packets as 'MY_TCP_PROTOCOL' also.
For the moment, the TCP packets without data are not flagged as 'MY_TCP_PROTOCOL' but only 'TCP', even though the dissector is added to the dissector table for tcp.port 12345.
What am I missing?
Thank you for your replies, Igor
packet-tcp.c is big to search for the exact check, but if there is no data to decode why should the tcp dissector process the tcp.port table?

Ok, it makes sense that the dissector does not get called when there's no data to dissect.
But is there a way to have those packets (ACK only, no data) flagged as 'MY_CUSTOM_PROTOCOL' instead of plain TCP?
My goal is to be able to see how much traffic (in proportion) my protocol is creating. With the Protocol Hierarchy visualization, I have the packets containing data that are counted as MY_CUSTOM_PROTOCOL, but then all of the ACKs are counted under TCP directly. I would like to be able to see all of them under MY_CUSTOM_PROTOCOL (because fundamentally, those ACK packets are coming from communication using MY_CUSTOM_PROTOCOL).
https://gitlab.com/wireshark/wireshar... is someone else making the same request.
You go in front of tcp by replacing its entry in the ip.proto table with your dissector, then calling tcp as needed.

No, you can't. How can Wireshark know, without calling your dissector, that those ACK packets are actually coming from communication with your protocol? Yes, your protocol might be set to the port, but dissectors can be set to a port and reject packets. They can accept some packets on a connection but not others. They can even have multiple PDUs in a TCP segment with different dissectors and protocols.
Dissectors can be set up by port, by heuristics, and via other methods (set up by other connections like in FTP and TFTP, or mechanisms like ALPN). How, consistently and for all dissectors, can Wireshark know that the ACK is actually coming from your protocol? Changing the column for TCP segments with no data in only some conversations would be worse than not doing it at all, due to the inconsistency IMO.
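Added example (not code from the thread) of the "go in front of tcp" approach suggested earlier, wrapping the built-in TCP dissector from the ip.proto table so that header-only segments on the question's port 12345 also get the custom label; the protocol and field names are placeholders.

```lua
-- Added illustration of the "go in front of tcp" suggestion; not code from the
-- thread. Assumed values: port 12345 (from the question) and the protocol/field
-- names, which are placeholders.
local MY_PORT = 12345

-- The ordinary payload dissector the question already has, registered on tcp.port.
local my_proto = Proto("my_custom_protocol", "MY_CUSTOM_PROTOCOL")
local f_len = ProtoField.uint32("my_custom_protocol.len", "Payload length")
my_proto.fields = { f_len }

function my_proto.dissector(tvb, pinfo, tree)
  pinfo.cols.protocol = "MY_CUSTOM_PROTOCOL"
  local st = tree:add(my_proto, tvb(), "MY_CUSTOM_PROTOCOL data")
  st:add(f_len, tvb:len())
  return tvb:len()
end
DissectorTable.get("tcp.port"):add(MY_PORT, my_proto)

-- Wrapper that takes TCP's slot (IP protocol number 6) in the ip.proto table.
-- Fetch the real TCP dissector first, because add() below replaces it.
local ip_proto = DissectorTable.get("ip.proto")
local real_tcp = ip_proto:get_dissector(6)

local wrapper = Proto("my_tcp_wrapper", "MY_CUSTOM_PROTOCOL TCP wrapper")

function wrapper.dissector(tvb, pinfo, tree)
  -- Let TCP run normally: it fills in the ports, handles reassembly and calls
  -- the tcp.port subdissectors (including my_proto) for segments with data.
  local consumed = real_tcp:call(tvb, pinfo, tree)

  -- Payload length = segment length minus the TCP header (data offset is the
  -- high nibble of byte 12, in 32-bit words). Zero means a header-only
  -- segment such as a pure ACK, which TCP never hands to the tcp.port table.
  local payload_len = -1
  if tvb:len() >= 20 then
    local header_len = math.floor(tvb(12, 1):uint() / 16) * 4
    payload_len = tvb:len() - header_len
  end

  -- Port match only: this is the heuristic the last reply objects to, since
  -- nothing proves a header-only segment on this port belongs to the protocol.
  if payload_len == 0 and (pinfo.src_port == MY_PORT or pinfo.dst_port == MY_PORT) then
    pinfo.cols.protocol = "MY_CUSTOM_PROTOCOL"
    tree:add(my_proto, tvb(), "MY_CUSTOM_PROTOCOL (ACK only, no payload)")
  end
  return consumed
end
ip_proto:add(6, wrapper)
```

Load it as a Lua plugin and every header-only segment on port 12345 shows MY_CUSTOM_PROTOCOL in the Protocol column with a matching item in the packet details; segments on other ports are left exactly as TCP produced them.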