Setting a field optional when registering the header? (possible?)
I am a complete newbie when it comes to Wireshark and know just some basics of networking. This is my first time trying to make a dissector and I am using C++ to make the dissector. I have a protocol that has a large number of messages with unique element which tells me what kind of message it is, in the header. But, there are two formats for the header in the spec, one has 4 values while the other has 3. The 3 values are common between them. Is there any way I can set the header value to be optional? (and if I do set it optional, how would wireshark know is it is present or not?) If there is no way to do that, what would be a good way of making a dissector that meets the aforementioned requirements?
Is there a field in the header that indicates which format for the header is being used?
Hi Harris, I have a field which says which type of message I have and from the message I know what it's header looks like!