| Main Archive Page > Month Archives > wireshark-dev archives |
Re: [Wireshark-dev] ask about dissector_add ( ) function to instruct wireshark to pass packet to my dissector
From: Jaap Keuter <jaap.keuter_at_nospam>Date: Wed Jun 22 2011 - 06:23:23 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>
Hi,
Have a look at packet-rtp.c, which does a similar thing.
Check for heur_dissector_add( "udp", dissect_rtp_heur, proto_rtp);
Thanks,
Jaap
On 06/22/2011 05:59 AM, cq x wrote:
> thank you
>
> on top of UDP
>
> yes, it is looking for a special value in the first byte of the packet
>
> Thanks again
>
>
>
>
> > From: guy@alum.mit.edu
> > Date: Tue, 21 Jun 2011 17:56:37 -0700
> > To: wireshark-dev@wireshark.org
> > Subject: Re: [Wireshark-dev] ask about dissector_add ( ) function to instruct
> wireshark to pass packet to my dissector
> >
> >
> > On Jun 21, 2011, at 4:18 PM, Changqin Xia wrote:
> >
> > > I am a newbie on dissector development. I have a question about the
> "dissector_add( )" function.
> > >
> > > I went through a few examples, most of them are using "tcp.port" or
> "udp.port" or something like that.
> > >
> > > My dissector not uses any port number to instruct wireshark to pass packets
> to my dissector, my dissector is using "Magic" (the first byte).
> >
> > What protocol does your dissector's protocol run on top of? TCP, UDP, or
> something els e?
> >
> > And when you say "my dissector is using "Magic" (the first byte)", do you
> mean it's looking for a special magic value in the first byte of its packet data?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe