This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Multiple packets in the same plugin

0

Hi,

I have an issue. I have made a plugin for a protocol named View Change Messages. It is working fine. These messages can be seen on TCP port 7002. Now in response to these view messages, view accept and view reject messages are seen, which are also on TCP port 7002. So I made a plugin (a separate plugin) for view accept.

However, now since two of my plugins detect packets on TCP port 7002, only one plugin decodes packets.

So how to take care of different messages which work on top of the same protocol and on the same port?

Regards, Sidharth

asked 03 Aug '11, 02:19

sidharth


One Answer:

1

Surely these extra messages are part of the same protocol, and your single dissector should handle all of them? Why do you think that you need a separate dissector for each message?

answered 03 Aug '11, 03:28

grahamb ♦

I realize that now. But all these messages have different packet structures! So how to deal with that?

(03 Aug '11, 04:04) sidharth
1

In your dissector, add handlers for each message type; hopefully your protocol has some form of message type indicator in a common header that the code can use. Most dissectors obtain that value and then use a switch() to handle the separate cases.

(03 Aug '11, 04:38) grahamb ♦
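
The single-dissector approach suggested in the answer, as an added example that is not part of the original thread and is not Wireshark code: one entry point for port 7002 reads a common header and dispatches on the message type, and every handler checks its own length before reading, since the bytes come from the network. The header layout, the type values and the per-message fields are assumptions, and plain C buffers stand in for Wireshark's tvbuff API so the block runs stand-alone.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (not from the thread): type(1) | body length(2, big-endian) | body */
enum { MSG_VIEW_CHANGE = 1, MSG_VIEW_ACCEPT = 2, MSG_VIEW_REJECT = 3, HDR_LEN = 3 };

/* One handler per message type; each validates the size its own structure needs. */
static int dissect_view_change(const uint8_t *b, size_t n, char *out, size_t cap) {
    if (n < 4) return -1;                                /* assumed: 4-byte view id */
    uint32_t id = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
    snprintf(out, cap, "View Change, view=%u", (unsigned)id);
    return 0;
}
static int dissect_view_accept(const uint8_t *b, size_t n, char *out, size_t cap) {
    if (n < 2) return -1;                                /* assumed: 2-byte member id */
    snprintf(out, cap, "View Accept, member=%u", (unsigned)((b[0] << 8) | b[1]));
    return 0;
}
static int dissect_view_reject(const uint8_t *b, size_t n, char *out, size_t cap) {
    if (n < 1) return -1;                                /* assumed: 1-byte reason code */
    snprintf(out, cap, "View Reject, reason=%u", (unsigned)b[0]);
    return 0;
}

/* Single dissector for every message on the port.
 * Returns bytes consumed, 0 if the PDU is incomplete, -1 if malformed. */
int dissect_view_pdu(const uint8_t *buf, size_t len, char *out, size_t cap) {
    if (len < (size_t)HDR_LEN) return 0;
    size_t body_len = ((size_t)buf[1] << 8) | buf[2];
    if (len - HDR_LEN < body_len) return 0;              /* rest is in a later TCP segment */
    const uint8_t *body = buf + HDR_LEN;
    int rc = 0;
    switch (buf[0]) {                                    /* message type from common header */
    case MSG_VIEW_CHANGE: rc = dissect_view_change(body, body_len, out, cap); break;
    case MSG_VIEW_ACCEPT: rc = dissect_view_accept(body, body_len, out, cap); break;
    case MSG_VIEW_REJECT: rc = dissect_view_reject(body, body_len, out, cap); break;
    default: snprintf(out, cap, "Unknown type 0x%02x", (unsigned)buf[0]); break;
    }
    return rc < 0 ? -1 : (int)(HDR_LEN + body_len);
}

int main(void) {
    const uint8_t accept[] = { 0x02, 0x00, 0x02, 0x00, 0x07 };  /* constructed sample */
    char info[64];
    int used = dissect_view_pdu(accept, sizeof accept, info, sizeof info);
    printf("%d bytes: %s\n", used, info);
    return 0;
}
```

In an actual Wireshark dissector the same switch sits inside the registered dissect function, with the type read through the tvbuff accessors instead of raw indexing.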