Wireshark-dev: Re: [Wireshark-dev] Question concerning some specific protocol...
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sat, 30 Sep 2006 17:53:03 +0200 (CEST)
Hi,

Well, that is simple then. Register your proprietary dissector for the UDP
port. If it's your protocol, dissect it; otherwise hand it over to the RTP
dissector.

Thanx,
Jaap

On Sat, 30 Sep 2006, Tobias Erichsen wrote:

> Hi everyone,
>
> I have used Ethereal/Wireshark for some time now, and I would like to
> contribute by developing a protocol-plugin for a combination of a
> proprietary and an open protocol based on RTP...
>
> Both protocols run on the same UDP port-pair tuple. The proprietary
> protocol can be detected very easily, as it has an easy-to-distinguish
> signature. The RTP-based part cannot, as RTP has really no good
> recognition value.
>
> So how would I design such a dissector, that if I detect the easy-to-
> recognize proprietary protocol on a UDP-port-tuple, that I could then
> heuristically see that the other datagrams will be the RTP-based ones
> and hand their decoding off appropriately (writing again my own dissector
> for this specific RTP payload type)?
>
> Best regards,
> Tobias
>
> PS.: I will be developing & testing the stuff on the Windows platform,
> because that's what I'm most familiar with ;-)
>
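
The dispatch described in the reply above, written against Wireshark's Lua API as an added example that is not part of the original thread or of any participant's code. The UDP port (5004), the 4-byte signature "PROP", and all protocol and field names are assumptions made for illustration.

```lua
-- Added example: port, signature and names below are hypothetical.
local SIGNATURE = "PROP"   -- assumed magic bytes at offset 0
local UDP_PORT  = 5004     -- assumed UDP port shared by both protocols

local prop      = Proto("prop_example", "Proprietary Protocol (example)")
local f_sig     = ProtoField.string("prop_example.signature", "Signature")
local f_payload = ProtoField.bytes("prop_example.payload", "Payload")
prop.fields = { f_sig, f_payload }

-- Handle to the built-in RTP dissector, used for everything that is not ours.
local rtp = Dissector.get("rtp")

-- True when the datagram starts with the proprietary signature.
-- The length check keeps a short or truncated capture from raising an error.
local function has_signature(tvb)
    local n = #SIGNATURE
    return tvb:len() >= n and tvb(0, n):string() == SIGNATURE
end

function prop.dissector(tvb, pinfo, tree)
    if has_signature(tvb) then
        pinfo.cols.protocol = "PROP"
        local sub = tree:add(prop, tvb())
        sub:add(f_sig, tvb(0, #SIGNATURE))
        if tvb:len() > #SIGNATURE then
            sub:add(f_payload, tvb(#SIGNATURE))
        end
        return tvb:len()
    end

    -- Not ours: hand over to RTP. Added guard (not from the thread): require
    -- the 12-byte fixed RTP header and version 2 in the top two bits, so that
    -- arbitrary traffic on the port is not labelled as RTP.
    if tvb:len() >= 12 and tvb(0, 1):bitfield(0, 2) == 2 then
        return rtp:call(tvb, pinfo, tree)
    end

    return 0  -- neither protocol: reject so the packet is shown as plain data
end

-- Register for the shared UDP port so every datagram reaches the dispatcher.
DissectorTable.get("udp.port"):add(UDP_PORT, prop)
```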