OSQA is unmaintained. Help us figure out where to go from here.

I'm trying to create a custom dissector for my protocol. I have used one bit of an unused option field in TCP. I want to dissect the bit I used. I know that I can dissect data field as I want it to be but I want to know if I can dissect the header field how I want it to be when they are already defined in wireshark

asked 14 May, 21:40

ngn505's gravatar image

accept rate: 0%

edited 16 May, 00:01

'one bit of an unused option field'? Are you referring to TCP options or to the reserved bits in the TCP header between the data offset and the control bits?

(14 May, 23:46) Jaap ♦

I'm referring the TCP option and padding field

(16 May, 00:02) ngn505

For what version of Wireshark are you developing?

(16 May, 04:10) Jaap ♦

it's version 2.2.5

(16 May, 04:43) ngn505

In master-2.2 branch the TCP dissector has a 'closed' list of TCP options it can dissect, otherwise it just presents the option data without interpretation. You'll have to add your code to the TCP dissector itself if you want to show the interpretation of that bit in new TCP option.

permanent link

answered 16 May, 23:35

Jaap's gravatar image

Jaap ♦
accept rate: 14%

oh that's great. Thank you for your help

I got one more question tho.. I was trying to find the TCP dissector but any of lua files I could see doesn't have clues of TCP option. Is TCP dissector contained in dll file? Or could you tell me where if you know?

(17 May, 22:26) ngn505

Wireshark is written in C / C++, not Lua. You can find the TCP dissector here.

(17 May, 23:19) Jaap ♦

Thanks a lot!

(18 May, 00:45) ngn505
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 14 May, 21:40

question was seen: 142 times

last updated: 18 May, 00:45

p​o​w​e​r​e​d by O​S​Q​A