
Wireshark-dev: Re: [Wireshark-dev] RTCP Heuristic decoder

From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Fri, 11 Sep 2009 14:28:12 -0400
On Thu, Sep 10, 2009 at 4:59 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Sep 10, 2009, at 4:30 PM, vinayak kamath wrote:

We have our own custom decoder for a tweaked version of the RTCP protocol.
Here's the code snippet wherein we say anything on this udp.port
send the message to custom decoder.
##########################################################
if (!TWS_PortList("FOO", configFile, (int*)portList, MAXPORTS))
{
    while (count < MAXPORTS && portList[count] != 0)
    {
        dissector_add("udp.port", portList[count], foo_handle);
        count++;
    }
}
##########################################################

But still Wireshark decodes it as RTCP rather than FOO.

The dissector to which foo_handle refers is a non-heuristic dissector;
if RTCP's "Try to decode RTCP outside of conversations" preference is
set, the heuristic RTCP dissector will try to recognize RTCP packets.

If UDP's "Try heuristic sub-dissectors first" preference is set, the
UDP dissector will try heuristic dissectors before trying non-
heuristic dissectors; that means that if the RTCP dissector recognizes
packets for your tweaked protocol, it will dissect those packets and
your dissector will not be given a chance to dissect them.  If that
preference is set, try unsetting it.



vinayak kamath wrote:
> Thanks.
> But in preferences I don't have "Try to decode RTCP outside of
> conversations" preference set. Even then it decodes as RTCP rather than FOO.
> Is there any way for custom dissector taking precedence over heuristic RTCP
> dissector??
>
> Thanks
> vinayak
>

Have you also cleared the following as indicated in Guy's reply??

> If UDP's "Try heuristic sub-dissectors first" preference is set, the
> UDP dissector will try heuristic dissectors before trying non-
> heuristic dissectors
>

PS: Please don't "top-post". :)
 The EMail history gets very confusing.

See http://www.html-faq.com/etiquette/?toppost
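
The dispatch order Guy describes, as an added example that is not part of the original thread and is not Wireshark source code: a small model of how the two preferences decide whether a port-registered dissector or the RTCP heuristic claims a UDP payload. `FOO_PORT`, `rtcp_heuristic()`, `dispatch_udp()` and the sample bytes are assumptions made for illustration, and the heuristic is a simplified stand-in; conversation-based RTCP setup is not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FOO_PORT 5005 /* constructed port, stands in for a portList[] entry */

/* Simplified stand-in for an RTCP heuristic: version bits == 2 and a
 * packet type in 200..204 (SR, RR, SDES, BYE, APP). */
static bool rtcp_heuristic(const uint8_t *p, size_t len)
{
    return len >= 4 && (p[0] >> 6) == 2 && p[1] >= 200 && p[1] <= 204;
}

/* Returns the name of the dissector that ends up claiming the payload. */
const char *dispatch_udp(uint16_t port, const uint8_t *p, size_t len,
                         bool try_heuristic_first, bool rtcp_heuristic_enabled)
{
    bool heur_hit = rtcp_heuristic_enabled && rtcp_heuristic(p, len);
    bool port_hit = (port == FOO_PORT); /* models dissector_add("udp.port", ...) */

    if (try_heuristic_first && heur_hit)
        return "RTCP";  /* heuristic wins before the port table is consulted */
    if (port_hit)
        return "FOO";   /* port-registered (non-heuristic) dissector */
    if (!try_heuristic_first && heur_hit)
        return "RTCP";  /* heuristics are only a fallback in this order */
    return "data";
}

/* Constructed payload: looks like the start of an RTCP sender report. */
static const uint8_t sample[] = { 0x80, 200, 0x00, 0x06, 0xde, 0xad, 0xbe, 0xef };

const char *demo(bool heur_first, bool rtcp_heur)
{
    return dispatch_udp(FOO_PORT, sample, sizeof sample, heur_first, rtcp_heur);
}

int main(void)
{
    printf("heuristics first, RTCP heuristic on : %s\n", demo(true, true));
    printf("heuristics last,  RTCP heuristic on : %s\n", demo(false, true));
    printf("heuristics first, RTCP heuristic off: %s\n", demo(true, false));
    return 0;
}
```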