I'm developing a custom dissector for a version of Wireshark (1.0.15) that doesn't have the tcp.no_subdissector_on_error option. How can my dissector determine that a TCP error (retransmit, out-of-order, etc) occurred so that it can choose not to dissect it? asked 01 Jul '15, 08:57  mjs9585 |
One Answer:
Waouh, that is old! Given what I see in wireshark-1.0.5 this does not seem possible as the TCP analysis is not available to sub dissectors. If you are building your own version of Wireshark, the easiest would probably to backport the check for tcp.no_subdissector_on_error check from master-1.12 branch to this version (it is only a few lines of code at the beginning of decode_tcp_ports() function). answered 01 Jul '15, 11:19  Pascal Quantin |
