OSQA is unmaintained. Help us figure out where to go from here.

I would know if it's possible to register a dissector for a protocol which hasn't particularities, neither fields nor ports are usable to determine the dissector to use. The only particularity it's the use of udp protocol.

In the same idea, Is it possible to register a subdissector for a protocol which can use one ore more upper protocol, without to precise a port or a field?


asked 27 Mar '11, 13:31

chronidev's gravatar image

accept rate: 0%

edited 27 Mar '11, 13:31

If your dissector can look at the payload of a UDP datagram and figure out if it's a packet for your protocol or not, you should make it a heuristic dissector. See the "README.heuristic" file in the doc subdirectory of the Wireshark source. If that's not possible, either give it a preference for the port to use, so the user can specify whatever port it happens to use in a particular capture, or register it as a "generic" dissector atop UDP, with "dissector_add_handle()", using "udp.port" as the dissector table name, which will allow the user to use the "Decode As..." menu to choose a particular port in a particular capture.

And, yes, it's possible to register a dissector in more than one dissector table; for example, the DNS dissector registers both atop UDP and atop TCP, and the IPv4 and IPv6 dissectors register atop many different link-layer protocols.

permanent link

answered 27 Mar '11, 14:47

Guy%20Harris's gravatar image

Guy Harris ♦♦
accept rate: 19%

Finally I found a way to do what I want. I just register the dissector, then I use the user preferences to activate or desactivate the dissector, with user preferences udp port.

(27 Mar '11, 15:42) chronidev
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 27 Mar '11, 13:31

question was seen: 3,076 times

last updated: 27 Mar '11, 15:42

p​o​w​e​r​e​d by O​S​Q​A