Wireshark-dev: Re: [Wireshark-dev] Adding a dissector for "Analyze->Decode As" only
Thanks for the info. This protocol runs directly on tcp.
I have been able to use the approach you suggested to get an initial stub to work.
thanks,
Ravi.
---------- Forwarded message ----------
From: Guy Harris <guy@xxxxxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Date: Fri, 16 Feb 2007 16:03:41 -0800
Subject: Re: [Wireshark-dev] Adding a dissector for "Analyze->Decode As" only
On Feb 16, 2007, at 3:28 PM, Ravi Kondamuru wrote:
> I am trying to write a dissector for a non-standard rpc protocol.
> Writing a heuristic to automatically identify the protocol is
> getting too complicated. So, I was wondering if I could add a
> dissector that can be used when I select a connection and explicitly
> say Decode As.
>
> Is it possible to do that?
If your protocol runs directly on top of UDP or TCP, yes. (If it runs
on top of some other RPC protocol - i.e., if by "rpc protocol" you
mean a protocol that is implemented using some RPC mechanism such as
ONC RPC or DCE RPC - then, no, you can't, and you *shouldn't*; there's
already a mechanism for registering dissectors for ONC RPC-based and
DCE RPC-based protocols.)
> If it is, any pointers to notes on how can it be done?
If your protocol runs on top of UDP, so that you'd want to use "Decode
As" to indicate that a particular UDP port should be used for your
protocol, then call
    dissector_add_handle("udp.port", {the handle for your dissector});
If your protocol runs on top of TCP, so that you'd want to use "Decode
As" to indicate that a particular TCP port should be used for your
protocol, then call
    dissector_add_handle("tcp.port", {the handle for your dissector});
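
An added example, not part of the original message or of Wireshark's source: the same "Decode As"-only registration on "tcp.port", written with Wireshark's Lua API (`add_for_decode_as`) instead of the C call above. The protocol name `myrpc` and its framing (a 4-byte big-endian length followed by that many payload bytes) are hypothetical, assumed only to give the dissector something to parse.

```lua
-- Added example: a dissector that is only reachable through "Decode As".
-- ASSUMPTIONS: "myrpc" and the length-prefixed framing are hypothetical.
local myrpc = Proto("myrpc", "My RPC (hypothetical)")

local f_len  = ProtoField.uint32("myrpc.length", "Length", base.DEC)
local f_data = ProtoField.bytes("myrpc.payload", "Payload")
myrpc.fields = { f_len, f_data }

local HDR_LEN = 4
local MAX_MSG = 1024 * 1024  -- constructed sanity bound on the length field

function myrpc.dissector(tvb, pinfo, tree)
    local offset, total = 0, tvb:len()
    while offset < total do
        local remaining = total - offset
        -- Header split across TCP segments: ask for one more segment.
        if remaining < HDR_LEN then
            pinfo.desegment_offset = offset
            pinfo.desegment_len = DESEGMENT_ONE_MORE_SEGMENT
            return
        end
        local msg_len = tvb(offset, HDR_LEN):uint()
        -- The length comes from the wire; never trust it for reassembly.
        if msg_len > MAX_MSG then
            tree:add(myrpc, tvb(offset)):append_text(
                " [implausible length; wrong Decode As selection?]")
            return
        end
        -- Body incomplete: request exactly the bytes still missing.
        if remaining < HDR_LEN + msg_len then
            pinfo.desegment_offset = offset
            pinfo.desegment_len = HDR_LEN + msg_len - remaining
            return
        end
        pinfo.cols.protocol = "MYRPC"
        local sub = tree:add(myrpc, tvb(offset, HDR_LEN + msg_len))
        sub:add(f_len, tvb(offset, HDR_LEN))
        if msg_len > 0 then
            sub:add(f_data, tvb(offset + HDR_LEN, msg_len))
        end
        offset = offset + HDR_LEN + msg_len
    end
end

-- No port number is bound: the protocol is only offered in the
-- "Decode As" dialog for TCP ports, as described in the reply above.
DissectorTable.get("tcp.port"):add_for_decode_as(myrpc)
```

Load it with `wireshark -X lua_script:myrpc.lua`, then select a TCP conversation and choose the protocol under Analyze -> Decode As.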