Hello,
When dissecting packet, my custom protocol gets overwritten by higher level UDP. I can see my protocol being displayed for few seconds and then gets overwritten by higher level UPD in the Protocol and Info columns.
Any idea what could be causing this?
Thanks in advance.
Is it a higher-level UDP protocol that's overwriting it? I.e., your protocol is carrying (tunneling) UDP?
Or is it the lower-level UDP (i.e., your protocol is over UDP)?
Finally, what version of Wireshark are we talking about here?
Given your description that your protocol is displayed for a few seconds before being overwritten it sounds like (regardless of the answers to the above questions) that your dissector is not setting the columns on the 2nd (and subsequent) dissections of the packets. Check to make sure your col_set*() calls aren't inside a check on/conditional of pinfo->fd->flags.visited or whether tree is set or not.
Asked: 2018-06-19 01:34:35 +0000
Seen: 261 times
Last updated: Jun 19 '18
