Wireshark · Wireshark-dev: Re: [Wireshark-dev] Adding a dissector for "Analyze->Decode As" only

Wireshark-dev: Re: [Wireshark-dev] Adding a dissector for "Analyze->Decode As" only

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 16 Feb 2007 16:03:41 -0800


On Feb 16, 2007, at 3:28 PM, Ravi Kondamuru wrote:

I am trying to write a dissector for a non-standard rpc protocol.
Writing a heuristic to automatically identify the protocol isgetting too complicated. So, I was wondering if I could add adissector that can be used when I select a connection and explictlysay Decode As.
Is it possible to do that?

If your protocol runs directly on top of UDP or TCP, yes. (If it runson top of some other RPC protocol - i.e., if by "rpc protocol" youmean a protocol that is implemented using some RPC mechanism such asONC RPC or DCE RPC - then, no, you can't, and you *shouldn't*; there'salready a mechanism for registering dissectors for ONC RPC-based andDCE RPC-based protocols.)

If it is, any pointers to notes on how can it be done?

If your protocol runs on top of UDP, so that you'd want to use "DecodeAs" to indicate that a particular UDP port should be used for yourprotocol, then call


	dissector_add_handle("udp.port", {the handle for your dissector});

If your protocol runs on top of TCP, so that you'd want to use "DecodeAs" to indicate that a particular TCP port should be used for yourprotocol, then call


	dissector_add_handle("tcp.port", {the handle for your dissector});

References:
- [Wireshark-dev] Adding a dissector for "Analyze->Decode As" only
  - From: Ravi Kondamuru

Prev by Date: [Wireshark-dev] Adding a dissector for "Analyze->Decode As" only
Next by Date: [Wireshark-dev] build problem at creating libwireshark.lib and object libwireshark.exp
Previous by thread: [Wireshark-dev] Adding a dissector for "Analyze->Decode As" only
Next by thread: Re: [Wireshark-dev] Adding a dissector for "Analyze->Decode As" only
Index(es):
- Date
- Thread