This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

dissection of a protocol

0

Good morning everyone,

I want to dissect a protocol encapsulated in UDP.

So I don't know if I should create a plugin or add a new dissector in Wireshark.

Because I have already created a plugin for this protocol, but for the case where it is not encapsulated under UDP.

Can anyone tell me if I should create a new plugin or a new dissector, or just modify my plugin?

thank you.

asked 07 Aug '13, 02:16

cruz


One Answer:

2

Your plugin can register with the udp dissector for a particular port using dissector_add_uint("udp.port", A_PORT_NUMBER, your_dissector_handle) or can register as a heuristic dissector using heur_dissector_add("udp", your_dissector_udp_function, your_dissector_protoregistration_value).

answered 07 Aug '13, 03:24

grahamb ♦

Just to clarify (I think) what Graham is saying: it probably makes more sense to just modify your existing plugin/dissector rather than building a new one.

(07 Aug '13, 06:54) JeffMorriss ♦

Thanks for your answer.

(09 Aug '13, 07:42) cruz

If the answer answers your question, please be sure to "accept" it by clicking the check box. See the FAQ for more details.

(09 Aug '13, 07:45) JeffMorriss ♦
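
A self-contained model of the two registration paths named in the answer above, added here as an example (it is not code from the original posts or from Wireshark, and it does not call the Wireshark API). The wire format, the port number and all names (myproto_valid, udp_dispatch, MYPROTO_PORT) are assumptions; the point is that a heuristic check must reject non-matching payloads using bounds-checked reads, while a port-registered dissector receives everything on its port, malformed input included.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical wire format (assumption, not from the page):
 * magic 0xC0 0xDE | version (1) | payload length | payload bytes */
#define MYPROTO_PORT 40000u   /* constructed port number */
#define MYPROTO_HDR  4u

enum claim { CLAIM_NONE, CLAIM_PORT_OK, CLAIM_PORT_MALFORMED, CLAIM_HEUR };

/* Validate the header without reading past len; true only for a
 * well-formed datagram whose length field matches the bytes present. */
bool myproto_valid(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < MYPROTO_HDR)
        return false;
    if (buf[0] != 0xC0 || buf[1] != 0xDE || buf[2] != 1)
        return false;
    return (size_t)buf[3] == len - MYPROTO_HDR;
}

/* Model of the two registrations in the answer:
 * - port registration hands over every datagram on MYPROTO_PORT, so the
 *   dissector still has to cope with malformed input;
 * - heuristic registration sees other ports and must report "not mine"
 *   unless the bytes really match, so other dissectors get their turn. */
enum claim udp_dispatch(uint16_t sport, uint16_t dport,
                        const uint8_t *buf, size_t len)
{
    if (sport == MYPROTO_PORT || dport == MYPROTO_PORT)
        return myproto_valid(buf, len) ? CLAIM_PORT_OK : CLAIM_PORT_MALFORMED;
    return myproto_valid(buf, len) ? CLAIM_HEUR : CLAIM_NONE;
}

/* Constructed sample datagrams. */
const uint8_t SAMPLE_GOOD[]  = { 0xC0, 0xDE, 0x01, 0x02, 0xAA, 0xBB };
const uint8_t SAMPLE_SHORT[] = { 0xC0, 0xDE, 0x01, 0x05, 0xAA };
const uint8_t SAMPLE_OTHER[] = { 0x12, 0x34, 0x01, 0x00, 0x00, 0x01 };
```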