This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Regular dissector or heuristic dissector?

0

We have a custom hardware device that uses the IEEE 802.15.4 transport mechanism. To capture these data in WireShark, we are making use this project https://spaces.microchip.com/gf/project/wireshark_cap/frs/?action=&br_pkgrlssort_by=file_size&br_pkgrlssort_order=desc.

When the data is captured, data transmission packets appear as protocol LwMesh and acknowledgment packets appear as protocol IEEE 802.15.4.

We want to create a custom dissector, to be applied to all of our packets, to more readily understand the traffic. Based on my reading (and I am brand new to this), it is not clear to me if I should create a regular dissector or a heuristic dissector. In either case, I do not understand why the new dissector would be given preference over the existing one (or, similarly, how to apply a specific dissector to multiple packets).

Would you please point me int he direction of an answer. Thank you.

asked 09 Oct '17, 20:17

groston's gravatar image

groston
6335
accept rate: 0%