This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to tell dissector to read AFTER my protocol?

0

Hi,

I have created a protocol between UDP and RTP, so the packet I want to capture with Wireshark looks like this: (IP, UDP, [my protocol], RTP)

I have written a Lua file to include decoding of my protocol. After I decode my protocol I want to call a dissector to decode the RTP part. The problem is that it thinks it should start reading RTP after the UDP packet, and not after my protocol (which is 20 bytes).

Here is the code :

function MYPROTO.dissector (buffer, pinfo, tree)

local subtree = tree:add (MYPROTO, buffer())
local offset = 0
subtree:add (f.version, buffer (offset, 1))
offset = offset + 1
…
rtp_table = Dissector.get ("rtp")
subtree:add (rtp_table, buffer(offset))
tvb=buffer()
rtp_table:call(tvb:tvb(),pinfo,tree)

So the problem is that the RTP packets think the first bytes after UDP are RTP, but those are my protocol bytes. How can I tell the dissector that RTP should start dissecting AFTER my protocol?

Thank you in advance

asked 07 Nov '12, 01:03

harkap


3 Answers:

1

Eh, let's see. Maybe even easier, you could go with:

rtp_table:call(buffer(20):tvb(), pinfo, tree)

answered 08 Nov '12, 07:53

Jaap ♦

2

The last few lines of your code should be:

rtp_table = Dissector.get ("rtp")
subtree:add (rtp_table, buffer(offset))
tvb=buffer(20)
rtp_table:call(tvb:tvb(),pinfo,tree)

You might consider consolidating into one line:

Dissector.get('rtp'):call( buffer(20):tvb(), pinfo, tree )

Also, check out another similar question.

answered 08 Nov '12, 21:53

helloworld

Hi,

Thank you very much that works great!

Another question : is there an rtp mux dissector?

Another question : Is there a dissector table for UDP source port?

I cannot find the answer to that simple question, generally, WHAT types of dissectors and dissector tables EXIST that I can use in the code?

Thank you!

(09 Nov '12, 00:50) harkap

I converted your "answer" to a comment as that's how this site works, and chose the one from @helloworld as it's the highest rated.

If an answer solves your problem please accept it for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ to find out how this site works.

As for your new questions, you should start new questions for those as they'll be lost in the comments to an answer.

(09 Nov '12, 01:26) grahamb ♦
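The hand-off discussed in this thread, written out as a full Wireshark Lua dissector. This is an added example, not code from any poster: the protocol name `myproto`, the `header_rest` field and UDP port 5004 are assumptions, and only the 20-byte header length and the one-byte version field come from the question. It also checks the datagram length before slicing, since captured packets can be truncated or malformed.

```lua
-- Added example; "myproto", the field names and port 5004 are assumptions.
local HDR_LEN = 20  -- header length stated in the question

local myproto   = Proto("myproto", "My Protocol (example)")
local f_version = ProtoField.uint8("myproto.version", "Version", base.DEC)
local f_rest    = ProtoField.bytes("myproto.header_rest", "Remaining header bytes")
myproto.fields  = { f_version, f_rest }

-- Look the RTP dissector up once, not on every packet.
local rtp = Dissector.get("rtp")

function myproto.dissector(buffer, pinfo, tree)
    -- buffer(offset, len) raises an error if the range runs past the end of
    -- the packet, so reject short datagrams before touching any field.
    if buffer:len() < HDR_LEN then
        return 0  -- nothing dissected
    end

    pinfo.cols.protocol = "MYPROTO"

    -- Cover only the header, so selecting this tree item highlights
    -- 20 bytes and not the RTP data that follows.
    local subtree = tree:add(myproto, buffer(0, HDR_LEN))
    subtree:add(f_version, buffer(0, 1))
    subtree:add(f_rest, buffer(1, HDR_LEN - 1))

    -- buffer(HDR_LEN) is a TvbRange from byte 20 to the end; :tvb() turns it
    -- into a new Tvb whose offset 0 is the first RTP byte. Passing the
    -- original buffer here is what made RTP start right after UDP.
    if buffer:len() > HDR_LEN then
        rtp:call(buffer(HDR_LEN):tvb(), pinfo, tree)
    end
    return buffer:len()
end

-- Assumed port; replace with the UDP port the protocol actually uses.
DissectorTable.get("udp.port"):add(5004, myproto)
```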

0

Use tvb:range(20) to create a sub-TVB, starting from byte 20 of the buffer you get.

answered 07 Nov '12, 03:59

Jaap ♦

Could you please provide a code example on how to do this?

(07 Nov '12, 06:31) harkap