I would like to know if it's possible to register a dissector for a protocol which has no particularities: neither fields nor ports are usable to determine the dissector to use. The only particularity is the use of the UDP protocol.
In the same vein, is it possible to register a subdissector for a protocol which can use one or more upper protocols, without specifying a port or a field?
If your dissector can look at the payload of a UDP datagram and figure out if it's a packet for your protocol or not, you should make it a heuristic dissector. See the "README.heuristic" file in the doc subdirectory of the Wireshark source. If that's not possible, either give it a preference for the port to use, so the user can specify whatever port it happens to use in a particular capture, or register it as a "generic" dissector atop UDP, with "dissector_add_handle()", using "udp.port" as the dissector table name, which will allow the user to use the "Decode As..." menu to choose a particular port in a particular capture.
And, yes, it's possible to register a dissector in more than one dissector table; for example, the DNS dissector registers both atop UDP and atop TCP, and the IPv4 and IPv6 dissectors register atop many different link-layer protocols.
answered 27 Mar '11, 14:47
Guy Harris ♦♦
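As an added example (not part of the answer above and not Wireshark's own code), both registration routes the answer describes are shown here with Wireshark's Lua API rather than the C API it names. The protocol name `myproto` and its 7-byte header layout are assumptions invented for illustration.

```lua
-- Hypothetical protocol "MYPROTO" over UDP with no fixed port.
-- Assumed (constructed) header: 4-byte magic "MYP1", 1-byte type (0..3),
-- 2-byte big-endian payload length, then the payload.
local myproto = Proto("myproto", "My Example Protocol")

local f_magic = ProtoField.string("myproto.magic", "Magic")
local f_type  = ProtoField.uint8("myproto.type", "Type", base.DEC)
local f_len   = ProtoField.uint16("myproto.length", "Payload Length", base.DEC)
myproto.fields = { f_magic, f_type, f_len }

local HEADER_LEN = 7

-- The dissector proper. It can be reached through "Decode As..." on any UDP
-- payload, so it checks the length before reading and returns 0 (not ours)
-- instead of raising an error on a short datagram.
local function dissect_myproto(tvb, pinfo, tree)
    if tvb:len() < HEADER_LEN then return 0 end
    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(myproto, tvb())
    subtree:add(f_magic, tvb(0, 4))
    subtree:add(f_type,  tvb(4, 1))
    subtree:add(f_len,   tvb(5, 2))
    return tvb:len()
end
myproto.dissector = dissect_myproto

-- Heuristic: inspect the UDP payload and claim it only if every check passes.
-- Several independent checks keep unrelated traffic from being mislabelled.
local function heur_myproto(tvb, pinfo, tree)
    if tvb:len() < HEADER_LEN then return false end
    if tvb(0, 4):string() ~= "MYP1" then return false end
    if tvb(4, 1):uint() > 3 then return false end
    if tvb(5, 2):uint() ~= tvb:reported_len() - HEADER_LEN then return false end
    dissect_myproto(tvb, pinfo, tree)
    return true
end

-- Route 1: heuristic dissector atop UDP (no port needed).
myproto:register_heuristic("udp", heur_myproto)

-- Route 2: no port bound, but selectable per capture via "Decode As...".
DissectorTable.get("udp.port"):add_for_decode_as(myproto)
```

Loading the script as a Lua plugin registers both routes. To register atop more than one transport, repeat the two registration calls with `"tcp"` and `"tcp.port"`.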