Force DPLAY dissector

asked 2018-08-29 18:47:38 +0000

Hermann


I am trying to examine the network traffic of an old DirectPlay 9 based game. The DPLAY dissector plugin is enabled, but it is not actually dissecting. I cannot even force it in the "Decode as…" dialouge since the dissector does not show up in the list. I did similar experiments a couple of years ago. Back then, everything worked out of the box. What am I doing wrong today?

In case it helps, I uploaded a capture containing some packets I want to have dissected:

Kind Regards

answered 2018-08-29 21:46:45 +0000

Guy Harris

updated 2018-08-29 21:47:18 +0000

The dissector is solely a heuristic dissector, so it's not one that can be used with "Decode as...".

The heuristic was broken by a change to optimize the heuristics (although I'm not sure whether the resulting code was measured as being faster). Please file a bug on this on the Wireshark Bugzilla, so we can record that it is buggy and track the process of fixing it; attach the capture file in question to the bug.

Bug 15092 was raised for this and it was fixed in master by change 29351.

You can either grab an automated build, or wait for a new release of the version you're running (as long as it's a supported version). As we just released yesterday, it will probably be 6 weeks or so until the next release.

grahamb ( 2018-08-30 16:36:53 +0000 )

Wow, that was surprisingly fast! I just built from git. Working as intended. :) Thank you. 👍

Hermann ( 2018-08-30 17:51:11 +0000 )

That was another option which I'd left out!

grahamb ( 2018-08-30 21:26:45 +0000 )

