Hello,
I custom dissectors (for each protocol) which uses same ports:
- protocol A uses ports 1000 and 2000 (some messages are with src and dst 1000, other with src 1000 and dst 2000)
- protocol B uses ports 2000 and 3000 (some messages are with src and dst 2000, other with src 2000 and dst 3000)
- protocol C1 uses ports 3000 and 4000 (some messages are with src and dst 3000, other with src 3000 and dst 4000)
- protocol C2 uses ports 4000 and 5000 (some messages are with src and dst 4000, other with src 4000 and dst 5000)
some additional information:
- all those protocols have common header (lets say AB:CD), there maybe other protocols with same headers.
- C1 and C2 are same protocols, but have different destination - therefore the differentiation.
- For each protocol, two of the messages for each protocol are with pretty high rate (50msec).
I'd like to have some easy identification of those protocols in the Wireshark stream.
What is the suggestion for creating those dissectors? Some of the things I've thought of:
- I can create all the protocols in one file and associate all those ports, but in such case it would be harder to identifiable (will have to add also port numbers for the filtering rather than only the name).
- generate 3 dissectors and in each dissector to verify the (src,dst) ports - I've tried it, but it is not always working. probably there is a meaning for the order in the init.lua
